Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

error: gnutls_handshake() failed GIT repository

Tags:

The following error appears when I try to clone git repository. I have the rsa public keys configured properly as well.

$ git clone https://github.com/blah/blah.git
Initialized empty Git repository in /home/arun/.git/
error: gnutls_handshake() failed: A TLS packet with unexpected length was
       received. while accessing https://github.com/blah/blah.git/info/refs

fatal: HTTP request failed
like image 600
Arun Jayapal Avatar asked Nov 23 '12 06:11

Arun Jayapal


2 Answers

It could be used to a GnuTLs or pycurl bug

The following is the new method for pycurl_7.19.0-4ubuntu3:

sudo apt-get install build-essential fakeroot dpkg-dev
mkdir ~/python-pycurl-openssl
cd ~/python-pycurl-openssl
sudo apt-get source python-pycurl
sudo apt-get build-dep python-pycurl
sudo apt-get install libcurl4-openssl-dev
sudo dpkg-source -x pycurl_7.19.0-4ubuntu3.dsc
cd pycurl-7.19.0
# remove the HAVE_CURL_GNUTLS=1 in the following file
sudo vim debian/patches/10_setup.py.dpatch
# remove the HAVE_CURL_GNUTLS=1 in the following file
sudo vim setup.py
# replace all gnutls into openssl in the following file
sudo vim debian/control
sudo dpkg-buildpackage -rfakeroot -b
sudo dpkg -i ../python-pycurl_7.19.0-4ubuntu3_amd64.deb
like image 176
VonC Avatar answered Sep 17 '22 17:09

VonC


I had this problem, and it took me a while to find the solution. I kept thinking that I was missing a package somewhere. I didn't want to recompile Git, since I was already using the latest version, and I was pretty sure that the problem wasn't Git itself.

My problem was my .gitconfig file. The problem only occurred on an old Linux server that had been upgraded many times over the years. At some point, for some reason I don't recall, I had explicitly specified sslVersion = sslv3 in my .gitconfig file.

When I saw that, the lightbulb went on, since I know that SSL V3 has been deprecated due to security concerns, and that most people should be using TLS instead. For instance, see RFC 7568, https://www.rfc-editor.org/rfc/rfc7568

So my fix involved either deleting the offending sslVersion = sslv3 line from my ~/.gitconfig file, or changing this:

[httpd] 
    sslVersion = sslv3

to this:

[httpd]
    sslVersion = tlsv1.2

Removing the line and letting Git/libcurl negotiate the encryption seemed like the best choice, since TLS v1.3 is in the works, and I don't want to encounter this problem again in the future!

like image 38
m0j0 Avatar answered Sep 20 '22 17:09

m0j0