"unknown message digest algorithm" when I try to hg push

I tried to push to my private repo on Bitbucket for the first time in several weeks today, and got the following error:

abort: error: _ssl.c:480: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm


The last time that I pushed anything to one of my repos was at the end of April, and I had not seen this error then.

This link indicated that it could be because of an old openssl version. I tried to install the more recent version of openssl suggested there, but that did not work either.

What changed within the past 4-5 weeks that might cause this error to occur? What do I need to do to fix it? For now I can work around it by doing

hg push --insecure <repo_name>

I'm on Ubuntu 10.04 64-bit.



0 votes
Accepted answer
Jim Redmond Atlassian Team Jun 03, 2015

We changed the signature algorithm on our primary SSL certificate on 8 May: Bitbucket’s SSL certificate is changing for SHA-2

The link you posted does look like a good explanation; the newer certificate uses SHA256 for message digest, but some older OpenSSL versions may not support that algorithm. What version of OpenSSL are you running? Is SHA256 listed when you run this?

openssl dgst --help

I installed openssl-0.9.8o as suggested in that link; because I am stuck on such an old distribution, I was trying to stick with the oldest openssl version that would still work (so I wouldn't run into dependency problems).

$ openssl version
OpenSSL 0.9.8o 01 Jun 2010

$ openssl dgst --help
unknown option '--help'
options are
-c              to output the digest with separating colons
-d              to output debug info
. . . 
-sha256         to use the sha256 message digest algorithm
. . .

So SHA256 is indeed listed; however, --help is not recognized as an option. So I guess my new openssl is an older version but still sufficient?

[Update] I just tried adding the hostfingerprints section to my ~/.hgrc, and this seems to have worked. I can now push as usual. (Oddly, I did not get the "unexpected fingerprint" message before, which would have alerted me to update the fingerprint.)

Thanks for your help!
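An added example, not code from the thread or from Atlassian: a small DER reader that reports which signature algorithm a certificate declares (the field an old OpenSSL fails on) and prints the SHA-1 fingerprint in the colon-separated form used by the [hostfingerprints] section. Mercurial's configuration help states that the CA chain is not used for hosts with a pinned fingerprint, so pinning avoids the failing signature check rather than repairing it. The two sample inputs are constructed skeletons with the certificate layout, not real certificates.

```python
import hashlib

# Signature-algorithm OIDs involved in the SHA-1 to SHA-2 certificate change.
SIG_ALGS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}

# Constructed DER skeletons: SEQUENCE { tbs, AlgorithmIdentifier, BIT STRING }.
SAMPLE_SHA256 = bytes.fromhex("30183003020101300d06092a864886f70d01010b050003020000")
SAMPLE_SHA1 = bytes.fromhex("30183003020101300d06092a864886f70d010105050003020000")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes into dotted notation."""
    arcs = [body[0] // 40, body[0] % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)  # base-128, high bit marks continuation
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """Name the algorithm in Certificate.signatureAlgorithm (second outer field)."""
    _, start, _ = read_tlv(der, 0)             # outer Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, start)       # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)   # AlgorithmIdentifier SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    oid = decode_oid(der[oid_start:oid_end])
    return SIG_ALGS.get(oid, oid)              # unknown OIDs are returned as-is

def hg_fingerprint(der):
    """SHA-1 over the DER bytes, as colon-separated hex pairs."""
    digest = hashlib.sha1(der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
```

For a live server, the DER bytes can be obtained with `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))`; compare the resulting fingerprint against one published by the host through a separate channel before pinning it.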

