Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

"unknown message digest algorithm" when I try to hg push

vikramugodbole
vikramugodbole
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 3, 2015

I tried to push to my private repo on Bitbucket for the first time in several weeks today, and get the following error:

abort: error: _ssl.c:480: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm

 

The last that I pushed anything to one of my repos was at the end of April, and had not seen this error then. 

This link indicated that it could be because of an old openssl version. I tried to install the more recent version of openssl suggested there, but that did not work either.

What changed within the past 4-5 weeks that might cause this error to occur? What do I need to do to fix? For now I can workaround by doing

hg push --insecure <repo_name>

I'm on Ubuntu 10.04 64-bit.

 

 

Answer
Watch
Like Be the first to like this
13030 views

1 answer

1 accepted

0 votes
Answer accepted
jredmond
jredmond
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 3, 2015

We changed the signature algorithm on our primary SSL certificate on 8 May: Bitbucket’s SSL certificate is changing for SHA-2

The link you posted does look like a good explanation; the newer certificate uses SHA256 for message digest, but some older OpenSSL versions may not support that algorithm. What version of OpenSSL are you running? Is SHA256 listed when you run this?

openssl dgst --help
View More Comments
vikramugodbole
vikramugodbole
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 4, 2015

I installed openssl-0.9.8o as suggested in that link; because I am stuck on such an old distribution, I was trying to stick with the oldest openssl version that would still work (so I wouldn't run into dependency problems).

$ openssl version
OpenSSL 0.9.8o 01 Jun 2010

$ openssl dgst --help
unknown option '--help'
options are
-c              to output the digest with separating colons
-d              to output debug info
. . . 
-sha256         to use the sha256 message digest algorithm
. . .

So SHA256 is indeed listed; however, --help is not recognized as an option. So I guess my new openssl is an older version but still sufficient?

[Update] I just tried adding the hostfingerprints section to my ~/.hgrc, and this seems to have worked. I can now push as usual. (Oddly, I did not get the "unexpected fingerprint" message before, which would have alerted me to update the fingerprint.)

Thanks for your help!

 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.