error: gnutls_handshake() failed GIT repository

Asked 23/11, 2012 at 6:41 Answered 1/8, 2018 at 8:37

The following error appears when I try to clone git repository. I have the rsa public keys configured properly as well.

$ git clone https://github.com/blah/blah.git
Initialized empty Git repository in /home/arun/.git/
error: gnutls_handshake() failed: A TLS packet with unexpected length was
       received. while accessing https://github.com/blah/blah.git/info/refs

fatal: HTTP request failed

Andiron answered 23/11, 2012 at 6:41 Comment(0)

It could be used to a GnuTLs or pycurl bug

The following is the new method for pycurl_7.19.0-4ubuntu3:

sudo apt-get install build-essential fakeroot dpkg-dev
mkdir ~/python-pycurl-openssl
cd ~/python-pycurl-openssl
sudo apt-get source python-pycurl
sudo apt-get build-dep python-pycurl
sudo apt-get install libcurl4-openssl-dev
sudo dpkg-source -x pycurl_7.19.0-4ubuntu3.dsc
cd pycurl-7.19.0
# remove the HAVE_CURL_GNUTLS=1 in the following file
sudo vim debian/patches/10_setup.py.dpatch
# remove the HAVE_CURL_GNUTLS=1 in the following file
sudo vim setup.py
# replace all gnutls into openssl in the following file
sudo vim debian/control
sudo dpkg-buildpackage -rfakeroot -b
sudo dpkg -i ../python-pycurl_7.19.0-4ubuntu3_amd64.deb

Broomrape answered 23/11, 2012 at 6:57 Comment(8)

Thanks for sharing this. During the last step, I get the following error. Do you have any clues? $ sudo dpkg -i ../python-pycurl_7.19.0-4ubuntu3_amd64.deb dpkg: error processing ../python-pycurl_7.19.0-4ubuntu3_amd64.deb (--install): cannot access archive: No such file or directory Errors were encountered while processing: ../python-pycurl_7.19.0-4ubuntu3_amd64.deb – Andiron 23/11, 2012 at 10:14

@user1514027 I suppose it depends on the exact .deb file name built by the previous step (the dpkg-buildpackage). You need to have a look and search for the actual name generated. – Broomrape 23/11, 2012 at 10:16

I followed this solution, deviations included the source source file presenting as pycurl_7.19.0-3.dsc instead of pycurl_7.19.0-4ubuntu3.dsc. I also found it necessary to NOT edit patch file, doing so caused an MD5 failure on the build. – Whorl 7/2, 2013 at 18:54

In the end, the behavior is unchanged, perhaps I need to find a way to really stop that macro from being defined. Perhaps I can manually make the changes to setup.py and stop the patch from being applied? – Whorl 7/2, 2013 at 18:56

Edited the patched setup.py to remove the macro definition, then deleted the patched file and removed reference in /debian/patches/00list. Build appeared to work, but no change in behavior still. Dang. Would my certificate failing cause a similar problem? – Whorl 7/2, 2013 at 19:5

@Whorl I didn't find any new information about that thread, so I will be interested with what you will come up. – Broomrape 7/2, 2013 at 19:45

Added an answer for what finally worked for me. I'm not sure how to distinguish whether I am using pycurl or not. – Whorl 26/2, 2013 at 22:33

In my case, I get an error on fetching source for python-pycurl - E: Unable to find a source package for pycurl - hastebin.com/axezunupoz.mel – Humus 1/3, 2015 at 5:19

I had this problem, and it took me a while to find the solution. I kept thinking that I was missing a package somewhere. I didn't want to recompile Git, since I was already using the latest version, and I was pretty sure that the problem wasn't Git itself.

My problem was my .gitconfig file. The problem only occurred on an old Linux server that had been upgraded many times over the years. At some point, for some reason I don't recall, I had explicitly specified sslVersion = sslv3 in my .gitconfig file.

When I saw that, the lightbulb went on, since I know that SSL V3 has been deprecated due to security concerns, and that most people should be using TLS instead. For instance, see RFC 7568, https://www.rfc-editor.org/rfc/rfc7568

So my fix involved either deleting the offending sslVersion = sslv3 line from my ~/.gitconfig file, or changing this:

[httpd] 
    sslVersion = sslv3

to this:

[httpd]
    sslVersion = tlsv1.2

Removing the line and letting Git/libcurl negotiate the encryption seemed like the best choice, since TLS v1.3 is in the works, and I don't want to encounter this problem again in the future!

Broek answered 8/3, 2017 at 18:16 Comment(1)

Good suggestion. There are a number of git-config options that might lead to an issue like this or could be used as a work around. – Lxx 22/5, 2018 at 18:33

In My case, It appears I was not using pycurl, so the above solution did not work for me. What DID work was a rebuild of git-core modified to use openssl instead of gnutls.

Instructions are here:

https://askubuntu.com/questions/186847/error-gnutls-handshake-falied

I had substitute "git-core" for "git" in most places, the .dsc (package information file?) turned up as git-core_1.7.0.4-1ubuntu0.2.dsc, and the .deb package came out as git-core_1.7.0.4-1ubuntu0.2_i386.deb.

Whorl answered 26/2, 2013 at 22:32 Comment(0)

I've had the same problem when tried sudo git fetch from a directory my own user didn't have enough rights to. I moved repository to /tmp and continued my work.

Don't forget /tmp gets erased after reboot.

Autograph answered 27/1, 2015 at 12:3 Comment(1)

only on some systems – Hight 1/8, 2016 at 15:32

-2

In my case worked, mixing the solutions of @Rick and @m0j0

First execute these commands:

git config --global http.sslVerify false
git config --global http.sslVerify true

After add or modify ~/.gitconfig

nano ~/.gitconfig

Set this:

[httpd] 
    sslVersion = sslv3

Trypanosome answered 1/8, 2018 at 8:37 Comment(0)

-3

For me, it ended up being that SSL certificate was self-signed. Give this a try

git config --global http.sslVerify false

Azevedo answered 25/2, 2018 at 23:15 Comment(1)

Never do this. It disables authentication on every TLS connection ever made by git, removing protection against several kinds of attacks. – Thrash 7/8, 2018 at 9:38

Recommended topics

Hot tags