PROSAGA码农传奇-redmine-SSL可与浏览器，wget和curl一起使用，但与git一起使用会失败

我有一个网站用来托管redmine和几个git存储库这对于http非常适合，但是我无法使用https克隆，即<code>git clone http://mysite.com/git/test.git</code> 工作正常，但是<code>git clone https://mysite.com/git/test.git</code> 失败了奇怪的是，https似乎对我测试过的其他所有内容都起作用。如果我打开<a href="https://mysite.com/git/test.git">https://mysite.com/git/test.git</a> 在浏览器（经过chrome和firefox测试）中，我没有收到任何错误或警告。我还可以curl <a href="https://mysite.com/git/test.git">https://mysite.com/git/test.git</a> wget <a href="https://mysite.com/git/test.git">https://mysite.com/git/test.git</a> 两者都可以正常工作，没有任何抱怨或警告。这是git的详细输出：
<pre><code>$ GIT_CURL_VERBOSE=1 git clone https://user@mysite.com/test/test.git
Cloning into test...
Password:
* Couldn't find host mysite.com in the .netrc file; using defaults
* About to connect() to mysite.com port 443 (#0)
* Trying 127.0.0.1... * Connected to mysite.com (127.0.0.1) port 443 (#0)
* found 157 certificates in /etc/ssl/certs/ca-certificates.crt
* server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
* Closing connection #0
* Couldn't find host mysite.com in the .netrc file; using defaults
* About to connect() to mysite.com port 443 (#0)
* Trying 127.0.0.1... * Connected to mysite.com (127.0.0.1) port 443 (#0)
* found 157 certificates in /etc/ssl/certs/ca-certificates.crt
* server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
* Closing connection #0
error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none while accessing https://user\
@mysite.com/test/test.git/info/refs

fatal: HTTP request failed
</code></pre>这是curl的详细输出，其中的个人信息已更改：
<pre><code>* About to connect() to mysite.com port 443 (#0)
* Trying 127.0.0.1... connected
* Connected to mysite.com (127.0.0.1) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
 CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: C=US; <... cut my certs info ...>
* start date: 2011-10-18 00:00:00 GMT
* expire date: 2013-10-17 23:59:59 GMT
* subjectAltName: mysite.com matched
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO High-Assurance Secure Server CA
* SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.21.6 (x86_64-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3
> Host: mysite.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Tue, 18 Oct 2011 21:39:54 GMT
< Server: Apache/2.2.14 (Ubuntu)
< Last-Modified: Fri, 14 Oct 2011 03:20:01 GMT
< ETag: "8209c-87-4af39bb89ccac"
< Accept-Ranges: bytes
< Content-Length: 135
< Vary: Accept-Encoding
< Content-Type: text/html
< X-Pad: avoid browser bug
<
Welcome to the mysite.com
* Connection #0 to host mysite.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
</code></pre>我能看到的唯一区别是git似乎正在使用显式CAfile，而curl会使用整个目录？我是ssl的新手（至少在管理员方面），所以我不确定这是什么意思或如何配置git以使其与curl相同。我在Ubuntu 10.04上使用git 1.7.5.4和apache 2.2.14。我尝试从3个不同的Linux主机（包括服务器本身上的另一个帐户）进行克隆，但没有任何效果。我还使用了openssl工具来验证服务器上的证书：
<pre><code>$openssl verify -purpose sslserver -CAfile chain.crt signed.pem 
signed.pem: OK
</code></pre>这可能与错误https://bugs.maemo.org/show_bug.cgi?id=4953有关，但似乎有所不同，因为我在任何其他程序中均未收到任何警告或错误。可能值得一提的是，我正在使用gitolite和redmine_git_hosting使用智能http通过https进行身份验证。我不认为这有什么错，因为即使我只是将一个原本可以工作的裸仓库粘贴在/ var / www中并直接访问它，也存在问题。此外，git over ssh（带或不带gitolite）均可工作。如果您有任何疑问或想了解更多信息，请告诉我。我确实更喜欢让ssl正常工作，而不是强迫所有人在git中禁用证书检查，尽管这是当前的解决方法。