It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

"unknown message digest algorithm" when I try to hg push

I tried to push to my private repo on Bitbucket for the first time in several weeks today, and get the following error:

abort: error: _ssl.c:480: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm


The last that I pushed anything to one of my repos was at the end of April, and had not seen this error then. 

This link indicated that it could be because of an old openssl version. I tried to install the more recent version of openssl suggested there, but that did not work either.

What changed within the past 4-5 weeks that might cause this error to occur? What do I need to do to fix? For now I can workaround by doing

hg push --insecure <repo_name>

I'm on Ubuntu 10.04 64-bit.



1 answer

1 accepted

0 votes
Answer accepted
jredmond Atlassian Team Jun 03, 2015

We changed the signature algorithm on our primary SSL certificate on 8 May: Bitbucket’s SSL certificate is changing for SHA-2

The link you posted does look like a good explanation; the newer certificate uses SHA256 for message digest, but some older OpenSSL versions may not support that algorithm. What version of OpenSSL are you running? Is SHA256 listed when you run this?

openssl dgst --help

I installed openssl-0.9.8o as suggested in that link; because I am stuck on such an old distribution, I was trying to stick with the oldest openssl version that would still work (so I wouldn't run into dependency problems).

$ openssl version
OpenSSL 0.9.8o 01 Jun 2010

$ openssl dgst --help
unknown option '--help'
options are
-c              to output the digest with separating colons
-d              to output debug info
. . . 
-sha256         to use the sha256 message digest algorithm
. . .

So SHA256 is indeed listed; however, --help is not recognized as an option. So I guess my new openssl is an older version but still sufficient?

[Update] I just tried adding the hostfingerprints section to my ~/.hgrc, and this seems to have worked. I can now push as usual. (Oddly, I did not get the "unexpected fingerprint" message before, which would have alerted me to update the fingerprint.)

Thanks for your help!


Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Bitbucket

Share your software development horror stories!

Hey Community! I work on the Bitbucket product marketing team. With Halloween approaching, we wanted to discuss a topic tailor-made for October: development horror stories. Whether it was a lurk...

1,520 views 11 3
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you