problems with clonebundle and bitbucket

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

problems with clonebundle and bitbucket

Uwe Brauer
Hi

a bizarre problem, running hg clone for a bitbucket account i receive

 
warning: connecting to media-api.atlassian.io using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
error fetching bundle: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
abort: error applying bundle
(if this error persists, consider contacting the server operator or disable clone bundles via "--config ui.clonebundles=false")

so I set in the global .hgrc file
[ui]
clonebundles = false

and I could clone, but the error seems very odd. the lapto run sUbuntu 14.04
and mercurial 4.3.

since the error also refers to some certificate, I am not sure who is the culprit.
if somebody has seen something similar I would appreciate any comment, if not I have to contact bitbucket.

thanks

Uwe Brauer

_______________________________________________
Mercurial mailing list
[hidden email]
https://www.mercurial-scm.org/mailman/listinfo/mercurial
Reply | Threaded
Open this post in threaded view
|

Re: problems with clonebundle and bitbucket

Gregory Szorc
On Sun, Sep 24, 2017 at 2:40 PM, Uwe Brauer <[hidden email]> wrote:
Hi

a bizarre problem, running hg clone for a bitbucket account i receive

 
warning: connecting to media-api.atlassian.io using legacy security technology (TLS 1.0); see https://mercurial-scm.org/wiki/SecureConnections for more info
error fetching bundle: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
abort: error applying bundle
(if this error persists, consider contacting the server operator or disable clone bundles via "--config ui.clonebundles=false")

so I set in the global .hgrc file
[ui]
clonebundles = false

and I could clone, but the error seems very odd. the lapto run sUbuntu 14.04
and mercurial 4.3.

since the error also refers to some certificate, I am not sure who is the culprit.
if somebody has seen something similar I would appreciate any comment, if not I have to contact bitbucket.

thanks

Older versions of Python and Python binaries not built/linked against modern crypto libraries don't support TLS 1.1+. That's the source of the "using legacy security technology" warning message.

But the failure here is that the x509 server certificate isn't validating properly. The likely culprit here is that your trusted CA certificates file (part of the ca-certificates package on Ubuntu) is out of date or Mercurial isn't configured to use it.

It appears the latest ca-certificates package for Ubuntu 14.04 is 20160104ubuntu0.14.04.1. That's over 1.5 years old. It looks like bitbucket's hostname was signed by a CA that is newer than January 2016.

You'll need to obtain a new copy of trusted CA certificates. I'm not sure if there is an Apt repo you should point your Ubuntu 14.04 installs at. You can also manually download a trusted CA certificate "bundles" file and point Mercurial's web.cacerts config option at it. One source of such a file is https://curl.haxx.se/docs/caextract.html.

_______________________________________________
Mercurial mailing list
[hidden email]
https://www.mercurial-scm.org/mailman/listinfo/mercurial
Reply | Threaded
Open this post in threaded view
|

Re: problems with clonebundle and bitbucket

Uwe Brauer
>>> "Gregory" == Gregory Szorc <[hidden email]> writes:

    > On Sun, Sep 24, 2017 at 2:40 PM, Uwe Brauer <[hidden email]> wrote:
    >> (if this error persists, consider contacting the server operator or
    >> disable clone bundles via "--config ui.clonebundles=false")
    >>
    >> so I set in the global .hgrc file
    >> [ui]
    >> clonebundles = false
    >>


    > Older versions of Python and Python binaries not built/linked against
    > You'll need to obtain a new copy of trusted CA certificates. I'm not sure
    > if there is an Apt repo you should point your Ubuntu 14.04 installs at. You
    > can also manually download a trusted CA certificate "bundles" file and
    > point Mercurial's web.cacerts config option at it. One source of such a
    > file is https://curl.haxx.se/docs/caextract.html.
Ok thanks I will try that by the way:

Does
 clonebundles = false


Do any harm?

Uwe

_______________________________________________
Mercurial mailing list
[hidden email]
https://www.mercurial-scm.org/mailman/listinfo/mercurial
Reply | Threaded
Open this post in threaded view
|

Re: problems with clonebundle and bitbucket

Augie Fackler-2

> On Sep 30, 2017, at 11:27, Uwe Brauer <[hidden email]> wrote:
>
>>>> "Gregory" == Gregory Szorc <[hidden email]> writes:
>
>> On Sun, Sep 24, 2017 at 2:40 PM, Uwe Brauer <[hidden email]> wrote:
>>> (if this error persists, consider contacting the server operator or
>>> disable clone bundles via "--config ui.clonebundles=false")
>>>
>>> so I set in the global .hgrc file
>>> [ui]
>>> clonebundles = false
>>>
>
>
>> Older versions of Python and Python binaries not built/linked against
>> You'll need to obtain a new copy of trusted CA certificates. I'm not sure
>> if there is an Apt repo you should point your Ubuntu 14.04 installs at. You
>> can also manually download a trusted CA certificate "bundles" file and
>> point Mercurial's web.cacerts config option at it. One source of such a
>> file is https://curl.haxx.se/docs/caextract.html.
> Ok thanks I will try that by the way:
>
> Does
> clonebundles = false
>
>
> Do any harm?

no, it'll just make your clone slower than it otherwise could be

>
> Uwe
>
> _______________________________________________
> Mercurial mailing list
> [hidden email]
> https://www.mercurial-scm.org/mailman/listinfo/mercurial

_______________________________________________
Mercurial mailing list
[hidden email]
https://www.mercurial-scm.org/mailman/listinfo/mercurial