Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Cannot pull from bitbucket using https on ubuntu 14.04

As of today, git pull is failing:

fatal: unable to access 'https://...@bitbucket.org/.../myproj.git/': gnutls_handshake() failed: Handshake failed

I assume this has to do with removing support for older ciphers.

Question is: how do I fix it?

Hunting around I'm seeing suggestions to upgrade the version of openssl.

I have version 1.0.1f and when I try to upgrade the system tells me that I have the most recent version installed:

GIT_CURL_VERBOSE=1 git ls-remote https://bitbucket.org/

fatal: unable to access 'https://bitbucket.org/': gnutls_handshake() failed: Handshake failed

% openssl version

1.0.1f 6 Jan 2014

% sudo apt-get update && sudo apt-get install --only-upgrade openssl

...

already at the newest version

% python -c "import json, urllib2; print json.load(urllib2.urlopen('https://www.howsmyssl.com/a/check'))['tls_version']"

TLS 1.2

Any idea on how to fix this to regain access to my bitbucket repo?

 

34 answers

1 accepted

For all of those that are using Ubuntu 14.04.5 LTS, I fix this with an ugly workaround. The root problem of this seems to be a bug with the libcurl3 version and the TLS 1.2.

The curl version needs to be upgraded and I use the Ubuntu 16 repo (xenial) to update the curl package. These repos were used on /etc/apt/sources.list:

deb http://security.ubuntu.com/ubuntu xenial-security main
deb http://cz.archive.ubuntu.com/ubuntu xenial main universe

After this an:

apt-get update && apt-get install curl

And finally you can check if curl was updated with:

curl -V
curl 7.70.0 (x86_64-unknown-linux-gnu) libcurl/7.70.0 OpenSSL/1.0.1f zlib/1.2.8

To test the connection again (from the git repo):

GIT_CURL_VERBOSE=1 git ls-remote https://bitbucket.org/

And It works :)

This workaround was used to fix the issue in an old jenkins builder based on Ubuntu 14. The new ones were unaffected by the TLS change.

I hope that this could help anyone.

PS: On my way to find a fix I upgrade git to version 2.28.0 too :)

Thank you!

Your solution worked here.

And I didn't upgrade my git version. It's still 1.9.1.

Like Julian Lopez Alcaine likes this

Thanks, this worked for me.

Like Julian Lopez Alcaine likes this

Thank you man, it works!

You saved the day! :)

Like Julian Lopez Alcaine likes this

Thank you man, it's working Ubuntu 16.04.7 LTS

Like Julian Lopez Alcaine likes this

This worked for us!

You saved the day, it happened to us right before the release.

Thank you!

Like Julian Lopez Alcaine likes this
Like Julian Lopez Alcaine likes this

Thanks.  This worked..

Like Julian Lopez Alcaine likes this

Thanks for the tip.. it worked. 

Like Julian Lopez Alcaine likes this

Worked like a charm! Thank you

Like Julian Lopez Alcaine likes this

This is solution fix this issue on ubuntu server 14.04.x

1, Edit file: 

sudo nano  /etc/apt/sources.list

2, Add to file sources.list

deb http://security.ubuntu.com/ubuntu xenial-security main
deb http://cz.archive.ubuntu.com/ubuntu xenial main universe

3, Run command update and update CURL to new version 

apt-get update && apt-get install curl

4, Check version:

curl -V

Response :

curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.28 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets

 

5, Test connect with bitbucket

GIT_CURL_VERBOSE=1 git ls-remote https://bitbucket.org/
Response:


* Closing connection 0
fatal: repository 'https://bitbucket.org/' not found

 

This done.

Thank a lot "Julian Lopez Alcaine". 

Like # people like this

Thank you so much. This fixed it for me. Was just about to do a production deployment and this popped up. Stressed!

Like Julian Lopez Alcaine likes this

Thank you very much!! This was the fix we needed for our git plugin failing on our jenkins running on ubuntu 14.04

Like # people like this

Thank you!

Today your solution saved my day! Thank you once again!

Like Julian Lopez Alcaine likes this
jbhatt I'm New Here Aug 29, 2020

Thank you so much!!

Like Julian Lopez Alcaine likes this

Thank you very very very much!

Like Julian Lopez Alcaine likes this

worked for me too, thanks a lot!

Like Julian Lopez Alcaine likes this

thank you..worked for me also on Ubuntu 14.04

Like Julian Lopez Alcaine likes this

sudo apt-get install -y libcurl3 worked for me .

Like # people like this

Thanks so much!! It only worked with this

Like Julian Lopez Alcaine likes this

not working for me..

after edit sources.list

apt-get update give me errors

Like Julian Lopez Alcaine likes this
jbhatt I'm New Here Sep 02, 2020

@yadintiens  don't worry about update error. try now  below command

sudo apt-get install curl
Like Julian Lopez Alcaine likes this

This reallt isn't of any help for people who are on shared hosting providers..

Alda Mesa I'm New Here Sep 21, 2020

Worked for me. Thanks! steamdb

Like Julian Lopez Alcaine likes this

ssh is working.

You will need to do some steps and create a key. 

Here is the tutorial about how to create it: https://support.atlassian.com/bitbucket-cloud/docs/set-up-an-ssh-key/

This seems to be the most clean solution for my situation, switching to SSH instead of HTTPS.

I tried upgrading to a more recent Ubuntu first, but a lot of my docker builds starting failing for various reasons.

It's not very easy to do, had to fight with some permission issues, but it wasn't that bad.

Below are the steps I took, to fix my docker image builds, that were running git clone over HTTPS as one of the image build steps in the Dockerfile.

If you don't use Docker, and/or don't build images with Dockerfiles having "git pull" commands in them, only steps 2 to 7 are relevant, you can ignore the rest:

1. Create a clean container based on ubuntu:14.04:

# docker run -it ubuntu:14.04

2. Install git inside the container:

# apt-get -y install git

3. Create a new RSA SSH identity (press enter each time when prompted, do not enter a password):

# ssh-keygen

4. Copy the content of the /root/.ssh/id_rsa.pub file using cat:

# cat /root/.ssh/id_rsa.pub

5. Create a new Key from the Bitbucket web administration UI for the repository, under the Access Keys section, by clicking Add key, setting a descriptive label, and pasting the text copied at the previous step.

6. Return to the terminal inside the container and attempt to clone the repository, using git, you can copy the required command from the Web bitbucket UI, by pressing the clone button on the repository home page, it would be something like:

# git clone git@bitbucket.org:user_name/repository_name.git

7. Accept the authenticity warning for the bitbucket.org host by typing yes and pressing enter at this prompt:

Are you sure you want to continue connecting (yes/no)?

8. Copy the content of the 3 files under the /root/.ssh directory, using cat and copy/pasting the text inside each one, to a directory called "ssh", in the same directory as the Dockerfile used to create images, outside the running container:

These are the files that need to be copied outside from inside the container:

ls -rtl /root/.ssh
total 12
-rw-r--r-- 1 root root 399 Aug 27 15:26 id_rsa.pub
-rw------- 1 root root 1675 Aug 27 15:26 id_rsa
-rw-r--r-- 1 root root 1326 Aug 27 15:29 known_hosts

9. Modify the Dockerfile to copy those files inside the images, by adding the following line before the step running git pull in the Dockerfile:

ADD ssh /root/.ssh

10. If you store the Dockerfile and associated files on git as well, add the following line to the Dockerfile, after the "ADD ssh /root.ssh" line, to set the correct permissions for the id_rsa file, as git doesn't store such permissions, otherwise it will be ignored by SSH:

RUN chmod 600 /root/.ssh/id_rsa

11. Modify the git clone command in the Dockerfile to use SSH instead of HTTPS, similar to step 6:

RUN git clone git@bitbucket.org:user_name/repository_name.git

That would be it. Not the easiest process, but not rocket science either.

ssh is not a good option for me since anyone on the target machine will have access to all of my personal repos, (right now each team member uses its own credentials to access this specific repo).

Unless there is a way to provide access only to this particular repo with an ssh key...

@sagism the read only SSH Access Keys can be set at the repository level, not at the user level. You don't need to set a user SSH key.

As @Vladimir Nicolici mentioned, update library in an old system can create some problems. That's why I chose to use ssh. But I don't think you can use ssh key per user.

Same problem on an old ubuntu server with an old git (1.9.1). Solved moving from https to ssh to clone the repo.

Same problem here, getting gnutls_handshake() failed: Handshake failed on pulls.

I was unable to push some changes live because of that. Luckily it wasn't something urgent, but some people may have deadlines, so doing whatever change that caused this without a warning was not cool.

Also get same error, please fix it.

..Consider moving to gitlab or github

0 votes
Shakalios I'm New Here Aug 27, 2020

I got same error today. What is the fix?

Same here.

Same error in ubuntu-14.

Same problem detected please, fix it

I'm facing this issue with the below configuration:

OS version: Ubuntu 14.04.6 LTS

Git version: git version 1.9.1

 

But with this configuration everything works fine:

OS version: Ubuntu 18.04.3 LTS

Git version: git version 2.17.1

Yes. Did you find the issue or a workaround?

Not yet.

If I find anything I'll share with you guys.

Like # people like this

Same error coming 


please help

0 votes
matt I'm New Here Aug 27, 2020

same here...

I assume that I need a new version of git which can use the newer ciphers / TLS

I tried to upgrade it:

sudo add-apt-repository ppa:git-core/ppa
sudo apt-get update
sudo apt-get install git

I get:

The following packages have unmet dependencies:

git : Depends: git-man (< 1:2.26.2-.) but 1:2.28.0-0ppa1~ubuntu14.04.1 is to be installed

E: Unable to correct problems, you have held broken packages.

 

When I remove git and git-man I still get the same.

 

I guess this is a separate problem, but seems to get in my way of resolving the original problem

Same problem.


Ubuntu 14.04.3 LTS
git version 1.9.1

Same error.

 

Any update on this?

i have been also facing same issue from couple of hours ago.

Same problem here.

  • Git version 1.9.1
  • Ubuntu 14.04.6 LTS

I tried the following:

  1. Removing Git and reinstalling
  2. Upgrading to Git version 2.28.0
user@home:~$ git --version
git version 2.28.0

Having done the above, I get the exact same error.

fatal: unable to access 'https://bitbucket.org/*****/*****.git/': gnutls_handshake() failed: Handshake failed

 

Then I tried compiling Git 1.9.1 with OpenSSL:
https://askubuntu.com/questions/186847/error-gnutls-handshake-failed-when-connecting-to-https-servers

 

When I try and run the debian package after I have compiled it:

$ sudo dpkg -i ../git_1.9.1-1ubuntu0.10_amd64.deb 
Selecting previously unselected package git.
dpkg: warning: files list file for package 'libakonadi-kabc4' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'base-passwd' missing; assuming package has no files currently installed
(Reading database ... 650135 files and directories currently installed.)
Preparing to unpack .../git_1.9.1-1ubuntu0.10_amd64.deb ...
Unpacking git (1:1.9.1-1ubuntu0.10) ...
dpkg: dependency problems prevent configuration of git:
git depends on git-man (<< 1:1.9.1-.); however:
Version of git-man on system is 1:2.28.0-0ppa1~ubuntu14.04.1.

dpkg: error processing package git (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
git

`

Any help appreciated thanks.

Any update on this.. we are experiencing same issue..

0 votes
GIT_CURL_VERBOSE=1 git ls-remote https://bitbucket.org/ 
GIT_TRACE_PACKET=1 GIT_TRACE=1 GIT_SSH_COMMAND="ssh -v" GIT_CURL_VERBOSE=1 git clone <your repository URL>
GIT_TRACE_PACKET=1 GIT_TRACE=1 GIT_SSH_COMMAND="ssh -v" GIT_CURL_VERBOSE=1 git pull

This is not working for me.could anybody checks this correct or wrong.. this solution gave a bitbucket support team..

Same problem here. Please, fix it. I have something urgent to do.

Same issue here.

Updating git to newer version not seems to solve the problem.

 

Ubuntu 14.04.5 LTS

git version 1.9.1 (now 2.28.0)

Same is working for me after upgrading ubuntu-14.04 to 16.04. I tried every possible ways and spend around 4 hours. But finally working after upgrade to 16.04.

I upgrade to 16.04, same problem

0 votes
Varentsov I'm New Here Aug 27, 2020

Same error
Ubuntu 14.04.6
LTS
git version 1.9.1

Same error

Ubuntu 14.04.1

git version 2.28.0

Same problem here, using bitbucket pipeline on Cloud.

0 votes

Same error since last night, my custom CI can no longer make any pulls therefore can't make any new builds therefore i can't release new versions of the software, all this on a deadline of course, what the heck guys not even a heads up??

 

how  do i fix this?

 

Ubuntu 14.04.5 LTS

git 1:1.9.1-1ubuntu0.10

Change your remote origin from HTTPS to SSH. SSH is working.

I did it on my projects until they fix HTTPS.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
Community showcase
Published in Bitbucket

Powering DevOps with Bitbucket Server & Data Center

Hi everyone, The Cloud team recently announced 12 new DevOps features that help developers ship better code, faster   ! While we’re all excited about the new improvements to Bitbucket ...

1,926 views 0 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you