Hmmm, that's interesting. It's acting as if it's not hitting the GitLab url at all but Mattermost is hitting a code path where it must have received some successful (though, incorrect) response from that URL.
Can you double check that your token URL is correct?
Can you also try setting "EnableInsecureOutgoingConnections" to true in your config.json (it's under Service Settings)?