Sourcetree Reports "SSL certificate problem: unable to get local issuer certificate" When Pulling

Alexander Oss
Contributor
January 2, 2025

Last month, I found that when I hit the Pull button in my Sourcetree, I was getting the following error:

---

git -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks fetch --tags origin

fatal: unable to access 'https://bitbucket.org/[path]/[reponame].git/': SSL certificate problem: unable to get local issuer certificate

Completed with errors, see above.

---

I submitted a ticket to Atlassian Support, who pointed out that Sourcetree is "supported" in Atlassian Community.

I'm back from holiday break now, and I'm still getting the same error, even after updating to version 3.4.21 (from 3.4.18).

What's the cause of this error, and how can it be prevented?  I'm not aware of any certificates being involved in this process other than those that might be hosted by Bitbucket.  Thanks!

Edit: In ignorance and/or desperation, I tried hitting the Update Embedded button on the Git tab of the Options dialog box, and that appears to have failed with an endlessly-popping-up message "git-remote-https.exe - Entry Point Not Found: The procedure entry point libssh2_session_set_read_timeout could not be located in the dynamic link library C:\Users\[myname]\AppData\Local\Atlassian\SourceTree\git_local\mingw32\libexec\git-core\libcurl-4.dll."  I have no clue as to whether this is related to the underlying issue, or if it's just a broken update process, or something else.

Edit 2: After quitting Sourcetree to stop the infinite popups, and rebooting my laptop, and going to lunch, I started Sourcetree again, and thankfully didn't get further popups.  But when I tried to do a Pull, I got this error: "git -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks fetch --tags origin error: LoadLibraryExW() failed with: The specified procedure could not be found.? fatal: failed to load library 'libcurl-4.dll'".  So I hit the Update Embedded button again, and... no errors during that update.  But NOW the certificate-related error is:

---

git -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks fetch --tags origin

fatal: unable to access 'https://bitbucket.org/[path]/[reponame].git/': schannel: next InitializeSecurityContext failed: CRYPT_E_NO_REVOCATION_CHECK (0x80092012) - The revocation function was unable to check revocation for the certificate.

Completed with errors, see above.

---

I can't even tell if this is the same inscrutable error condition as before I did the Update Embedded!  Help...

1 answer

0 votes
Alexander Oss
Contributor
January 9, 2025

With the arrival of that new error message in the updated Sourcetree and its updated embedded Git, I eventually found this Stackoverflow entry which included a very telling bit:

This error is also commonly hit when you're on a corporate network that performs MITM on all traffic, and then blocks the revocation check.


This looks like what's happening to me.  It turns out these errors are only happening when I'm working from our office (not when I'm working from home), and if I ask my browser to show me the certificate for bitbucket.org when I'm in the office, the certificate chain shows that my company has inserted their own certificate authority.  When I do so at home, I see the "real" certificate chain.

So my grudging "solution" is to accept the risk of checking Sourcetree's "Disable SSL certificate validation (note: potentially insecure)" checkbox on the Git tab of the Options dialog box (...at least when I'm in the office, anyway).

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events