Error -17: the SSL certificate is invalid on linux

[okhmedd]

---

Bugsquad note: This issue has been confirmed several times already. No need to confirm it further.

---

Using Garuda Linux with openssl-3.0.7-4, libxcrypt-4.4.33-1, git-2.39.0-1, and libgit2-1:1.5.0-2, Godot 4 beta 10. Using the repo with CLI works just fine.

The server is running Gitea 1.17.3, SSL by Let's encrypt. Apache acts as reverse proxy with a subpath. Server's git version is 2.30.2. The same repo was successfully tested on Windows 10, so that shouldn't be a server issue.

Git LFS is used in the target repo, configured properly both on the server and locally.

Trying to pull using HTTP:
GitPlugin: Performing fetch from origin core/variant/variant_utility.cpp:880 - GitPlugin: Could not connect to remote "origin". Are your credentials correct? Try using a PAT token (in case you are using Github) as your password. Error -17: the SSL certificate is invalid in godot-git-plugin/src/git_plugin.cpp:_fetch#L411

SSH doesn't work, too:
GitPlugin: Performing fetch from origin core/variant/variant_utility.cpp:880 - GitPlugin: Could not connect to remote "origin". Are your credentials correct? Try using a PAT token (in case you are using Github) as your password. Error -16: Failed to retrieve list of SSH authentication methods: Failed getting response in godot-git-plugin/src/git_plugin.cpp:_fetch#L411

[Karl-Jansky]

I'm having the same issue on Mac

[Jcodefox]

Same here with Void linux and Godot stable 4.0 release.

[yunylz]

same issue here on Mac and godot4

[Calinou]

@Karl-Jansky @Jcodefox @chaeyan Which Git server are you reproducing this issue with? If it's self-hosted, can you post the address here if it's publicly reachable?

Can you post the link to a report from SSL Labs when using the Git server address you're trying to pull/push from? I wonder if the SSL library godot-git-plugin links against lacks support for TLS 1.3 or certain cipher suites that your server requires.

[okhmedd]

Also, Godot 3 version of this plugin works out of the box with the same server and client setup.

[delcake]

I'm observing the same issue on a self-hosted Gitea (v1.19.0) Docker container behind a Caddy reverse proxy. Godot version is 4.0.1.stable. I have confirmed that authentication to Gitea works as expected outside of Godot when tried on CLI via SSH using the configured public key.

When attempting to push via the HTTPS endpoint:
core/variant/variant_utility.cpp:894 - GitPlugin: Could not connect to remote "origin". Are your credentials correct? Try using a PAT token (in case you are using Github) as your password. Error -17: the SSL certificate is invalid in godot-git-plugin/src/git_plugin.cpp:_push#L532

Push via SSH endpoint:
core/variant/variant_utility.cpp:894 - GitPlugin: Could not connect to remote "origin". Are your credentials correct? Try using a PAT token (in case you are using Github) as your password. Error -16: Failed to retrieve list of SSH authentication methods: Failed getting response in godot-git-plugin/src/git_plugin.cpp:_push#L532

The domain I'm testing with is https://git.vgari.es/ and an SSL Labs report is available here.

[akasakakona]

Same issue on MacOS as well.
I tried compiling the plugin myself and I think this error is the problem:

Text version:

/Library/Developer/CommandLineTools/usr/bin/ranlib: for architecture: x86_64 file: thirdparty/bin/libgit2.a(auth_negotiate.macos.editor.universal.o) has no symbols
/Library/Developer/CommandLineTools/usr/bin/ranlib: for architecture: x86_64 file: thirdparty/bin/libgit2.a(auth_ntlm.macos.editor.universal.o) has no symbols
/Library/Developer/CommandLineTools/usr/bin/ranlib: for architecture: x86_64 file: thirdparty/bin/libgit2.a(winhttp.macos.editor.universal.o) has no symbols
/Library/Developer/CommandLineTools/usr/bin/ranlib: for architecture: x86_64 file: thirdparty/bin/libgit2.a(openssl_dynamic.macos.editor.universal.o) has no symbols
/Library/Developer/CommandLineTools/usr/bin/ranlib: for architecture: x86_64 file: thirdparty/bin/libgit2.a(openssl_legacy.macos.editor.universal.o) has no symbols
/Library/Developer/CommandLineTools/usr/bin/ranlib: for architecture: x86_64 file: thirdparty/bin/libgit2.a(stransport.macos.editor.universal.o) has no symbols
/Library/Developer/CommandLineTools/usr/bin/ranlib: for architecture: x86_64 file: thirdparty/bin/libgit2.a(pcre_string_utils.macos.editor.universal.o) has no symbols

[drakonicguy]

Having the same issue, (arch) linux and repo hosted on codeberg

[singlerider]

Same issue:

Remotes:

• Codeberg (SSH)
• GitHub (PAT)

Godot Git Plugin (4.0+)

• v3.0.0

[delcake]

As an aside to the main issue, I might suggest that these error codes could be updated to only append the suggestion about PAT tokens in the case that the plugin observes that GitHub is the destination and an actual authentication failure occurs. Just to keep the errors themselves more focused on where the process actually failed.

[yunylz]

This error still occurs on latest VCS and 4.0.2 of Godot and I am using a GitHub repo, not Gitea

[peachey2k2]

I'm having the same issue here on Arch and with my repo being hosted on Github. Tried with password, PAT (both with old and fine-grained ones) and ssh keys, but to no avail. Git itself works just fine; I can pull and push from command line, but the plugin itself can't do that.

[AgilMonkey]

I builded the latest repo (Oct 3, 2023) and i manage to push and pull to my github repo using PAT.
Using Garuda Linux (2.6.17-1) with openssl-3.1.4-1, libgit2-1:1.7.1-1, git-2.42.0-1, and using godot 4.1.2-1.
It seems the newest commit fixed it.

[yunylz]

This still occurs on mac with latest godot and latest vcs with the 4.1 libraries...

[AndreaRigoni]

Hi, I got it working recompiling the plugin with godot-cpp 4.2 and rebuilding the libssl.a libcrypto.a at latest version.

very rough procedure for arch:

# clone git-plugin
git clone https://github.com/godotengine/godot-git-plugin.git

# init godot sources submodule
cd godot-git-plugin/
git submodule update --init

# change godot sources to version 4.2
cd godot-cpp/
git checkout origin/4.2

# stage current submodule version
cd ..
git add godot-cpp/

# create proper openssl static libraries ( in arch you need to recompile the static version )
mkdir thirdparty/openssl_linux
cd thirdparty/openssl_linux
git clone https://aur.archlinux.org/openssl-git.git
cd openssl-git/

# here you need to change the script so it build stati libraries:
# remove the line "shared" in the build target of PKGBUILD 
# add provides=("openssl=$pkgver" 'libcrypto.a' 'libssl.a')
nano PKGBUILD
makepkg

# copy the stati libraries in openss_linux folder
cp ./pkg/openssl-git/usr/lib/*.a ../
cd ../..

# point scons to get the static variables  in SConstruct
# edit line as the following:
# opts.Add(PathVariable("linux_openssl_static_ssl", "Path to OpenSSL libssl.a library - only used in Linux builds.",
#         os.path.join(os.path.abspath(os.getcwd()), "thirdparty/openssl_linux/libssl.a"), PathVariable.PathAccept))
# opts.Add(PathVariable("linux_openssl_static_crypto", "Path to OpenSSL libcrypto.a library - only used in Linux builds.",
#         os.path.join(os.path.abspath(os.getcwd()), "thirdparty/openssl_linux/libcrypto.a"), PathVariable.PathAccept))
nano SConstruct

# build
scons platform=linux target=editor -j 6

# enjoy the working so in: scons platform=<platform> target=editor -j 6

[ChrisClems]

Currently experiencing this issue. Godot 4.2.1 Mono with plugin v 3.1.0 on Manjaro.

core/variant/variant_utility.cpp:1091 - GitPlugin: Could not connect to remote "origin". Are your credentials correct? Try using a PAT token (in case you are using Github) as your password. Error -17: the SSL certificate is invalid in godot-git-plugin/src/git_plugin.cpp:_push#L532

[BirDt]

Experiencing this issue with Godot 4.2.1, plugin version 3.1.1, on Void Linux.

[dmchmk]

Same here, NixOS 23.11, Godot v4.2.2.stable.official [15073afe3] installed using Godots from Flathub

[poleve540]

Same problem here! On EndeavourOS using Godot 4.2.2

[Uncle-Khans-Phrontistery]

Same problem. Error -17
Mac OS 14.4.1 Godot 4.2.2

[coco-is-magik]

I am having this issue using Godot 4.2.2, git works fine from the command line

[coco-is-magik]

Per my own:

I am having this issue using Godot 4.2.2, git works fine from the command line

and Andrea's:

Hi, I got it working recompiling the plugin with godot-cpp 4.2 and rebuilding the libssl.a libcrypto.a at latest version.

very rough procedure for arch:

# clone git-plugin
git clone https://github.com/godotengine/godot-git-plugin.git

# init godot sources submodule
cd godot-git-plugin/
git submodule update --init

# change godot sources to version 4.2
cd godot-cpp/
git checkout origin/4.2

# stage current submodule version
cd ..
git add godot-cpp/

# create proper openssl static libraries ( in arch you need to recompile the static version )
mkdir thirdparty/openssl_linux
cd thirdparty/openssl_linux
git clone https://aur.archlinux.org/openssl-git.git
cd openssl-git/

# here you need to change the script so it build stati libraries:
# remove the line "shared" in the build target of PKGBUILD 
# add provides=("openssl=$pkgver" 'libcrypto.a' 'libssl.a')
nano PKGBUILD
makepkg

# copy the stati libraries in openss_linux folder
cp ./pkg/openssl-git/usr/lib/*.a ../
cd ../..

# point scons to get the static variables  in SConstruct
# edit line as the following:
# opts.Add(PathVariable("linux_openssl_static_ssl", "Path to OpenSSL libssl.a library - only used in Linux builds.",
#         os.path.join(os.path.abspath(os.getcwd()), "thirdparty/openssl_linux/libssl.a"), PathVariable.PathAccept))
# opts.Add(PathVariable("linux_openssl_static_crypto", "Path to OpenSSL libcrypto.a library - only used in Linux builds.",
#         os.path.join(os.path.abspath(os.getcwd()), "thirdparty/openssl_linux/libcrypto.a"), PathVariable.PathAccept))
nano SConstruct

# build
scons platform=linux target=editor -j 6

# enjoy the working so in: scons platform=<platform> target=editor -j 6

comments I was able to find a solution on Gentoo, and I think my procedure should work on other linux systems as well. I detailed my steps in this gist. Please note that I found there were a few extra steps after the end of @AndreaRigoni 's very helpful comment that I had to take in order to get the plugin to work with a remote repo on github in my project. I left my notes on that in the aforementioned gist.

[cclawhon]

Same issue 8-2-24, Mac M1 Max, Sonoma 14.5
I am using PAT from GitHub with GitHub username, Terminal using git.
Have Homebrew installed and updated to latest if that matters but don't think I'm using that for git stuff lol (I'm new to Terminal)
userharddrive/gameDev/gitrepository
userharddrive/gameDev/godotprojectfolder

pushes to local fine but not to GitHub

[TrainDoctor]

Hi, I got it working recompiling the plugin with godot-cpp 4.2 and rebuilding the libssl.a libcrypto.a at latest version.

Recreated the same conditions and had the same fix work for me as well.