'Git Bash - string parameter with '/' at start is being expanded to a file path. How to stop this?

Earlier today, I was trying to generate a certificate with a DNSName entry in the SubjectAltName extension:

$ openssl req -new -subj "/C=GB/CN=foo" -addext "subjectAltName = DNS:foo.co.uk" \
-addext "certificatePolicies = 1.2.3.4" -key ./private-key.pem -out ~/req.pem

This command led to the following error message:

name is expected to be in the format /type0=value0/type1=value1/type2=... where characters may be escaped by . This name is not in that format: 'C:/Program Files/Git/C=GB/CN=foo' problems making Certificate Request

How can I stop Git Bash from treating this string parameter as a filepath, or at least stop it from making this alteration?

git-bash


Solution 1:[1]

The release notes to the Git Bash 2.21.0 update today mentioned this as a known issue. Fortunately, they also described two solutions to the problem:

If you specify command-line options starting with a slash, POSIX-to-Windows path conversion will kick in converting e.g. "/usr/bin/bash.exe" to "C:\Program Files\Git\usr\bin\bash.exe". When that is not desired -- e.g. "--upload-pack=/opt/git/bin/git-upload-pack" or "-L/regex/" -- you need to set the environment variable MSYS_NO_PATHCONV temporarily, like so:

MSYS_NO_PATHCONV=1 git blame -L/pathconv/ msys2_path_conv.cc

Alternatively, you can double the first slash to avoid POSIX-to-Windows path conversion, e.g. "//usr/bin/bash.exe".

Solution 2:[2]

Using MSYS_NO_PATHCONV=1 can be problematic if your script accesses files.

Prefixing with a double forward slash doesn't work for the specific case of OpenSSL, as it causes the first DN segment key to be read as "/C" instead of "C", so OpenSSL drops it, outputting:

req: Skipping unknown attribute "/C"

Instead, I used a function that detects if running on bash for Windows, and prefixes with a "dummy" segment if so:

# If running on bash for Windows, any argument starting with a forward slash is automatically
# interpreted as a drive path. To stop that, you can prefix with 2 forward slashes instead
# of 1 - but in the specific case of openssl, that causes the first CN segment key to be read as
# "/O" instead of "O", and is skipped. We work around that by prefixing with a spurious segment,
# which will be skipped by openssl
function fixup_cn_subject() {
    local result="${1}"
    case $OSTYPE in
        msys|win32) result="//XX=x${result}"
    esac
    echo "$result"
}

# Usage example
MY_SUBJECT=$(fixup_cn_subject "/C=GB/CN=foo")

Solution 3:[3]

Found a workaround by passing a dummy value as the first attribute, for example: -subj '//SKIP=skip/C=gb/CN=foo'

Solution 4:[4]

I had the same issue using bash, but running the exact same command in Powershell worked for me. Hopefully this will help someone.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Community
Solution 2
Solution 3 ???? ???????
Solution 4 jtate

Related Questions

Where does Git Bash get all its host mappings from?

How to change folder with git bash?

Heroku Login timing out on Win64

Python print Unicode string via 'Git Bash' gets 'UnicodeEncodeError'

-bash: __git_ps1: command not found

Locate a file and then opening the file using the command line in GitBash

How to run devenv.exe command line switches (for Visual Studio 2019) from git bash

How can I solve "fatal: ambiguous argument 'HEAD~1': unknown revision or path not in the working tree"?

How to add the man command to git bash on windows and include the manuals

How to create a .bat file which execute python file

Git Bash on Windows with Ruby: Waiting for gets() input before printing prompt?

Convert Unix-Style Path to Windows

Git Bash, go back in folders

Vue version not in any npm list

How to Shorten Git Bash Prompt (Windows)