Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

"unknown message digest algorithm" when I try to hg push

vikramugodbole
vikramugodbole June 3, 2015

I tried to push to my private repo on Bitbucket for the first time in several weeks today, and get the following error:

abort: error: _ssl.c:480: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm

 

The last that I pushed anything to one of my repos was at the end of April, and had not seen this error then. 

This link indicated that it could be because of an old openssl version. I tried to install the more recent version of openssl suggested there, but that did not work either.

What changed within the past 4-5 weeks that might cause this error to occur? What do I need to do to fix? For now I can workaround by doing

hg push --insecure <repo_name>

I'm on Ubuntu 10.04 64-bit.

 

 

Answer
Watch
Like Be the first to like this
12863 views

1 answer

1 accepted

0 votes
Answer accepted
jredmond
jredmond
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 3, 2015

We changed the signature algorithm on our primary SSL certificate on 8 May: Bitbucket’s SSL certificate is changing for SHA-2

The link you posted does look like a good explanation; the newer certificate uses SHA256 for message digest, but some older OpenSSL versions may not support that algorithm. What version of OpenSSL are you running? Is SHA256 listed when you run this?

openssl dgst --help
View More Comments
vikramugodbole
vikramugodbole June 4, 2015

I installed openssl-0.9.8o as suggested in that link; because I am stuck on such an old distribution, I was trying to stick with the oldest openssl version that would still work (so I wouldn't run into dependency problems).

$ openssl version
OpenSSL 0.9.8o 01 Jun 2010

$ openssl dgst --help
unknown option '--help'
options are
-c              to output the digest with separating colons
-d              to output debug info
. . . 
-sha256         to use the sha256 message digest algorithm
. . .

So SHA256 is indeed listed; however, --help is not recognized as an option. So I guess my new openssl is an older version but still sufficient?

[Update] I just tried adding the hostfingerprints section to my ~/.hgrc, and this seems to have worked. I can now push as usual. (Oddly, I did not get the "unexpected fingerprint" message before, which would have alerted me to update the fingerprint.)

Thanks for your help!

 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events