Menu
When creating a Webhook in GitLab 11.0.2 and testing it, I get this back this error:
Hook execution failed: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: tlsv1 alert internal error
The Webhook URI is using HTTPS with a public certificate (not self signed).
SSL verification is disabled for this Webhook.
Update
I upgraded openssl1.0.2g to openssl1.0.2o but the error remains.
Then I tried to run:
openssl s_client -connect mywebhookhost:443
That resulted in:
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
verify error:num=20:unable to get local issuer certificate
Update 2
/opt/gitlab/embedded/bin/ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION'
returns
OpenSSL 1.0.2o 27 Mar 2018
Update 3
GlobalSign CA certs are installed
awk -v cmd='openssl x509 -noout -subject' '
> /BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt | grep GlobalSign
results in
subject=OU = GlobalSign ECC Root CA - R4, O = GlobalSign, CN = GlobalSign
subject=OU = GlobalSign ECC Root CA - R5, O = GlobalSign, CN = GlobalSign
subject=C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
subject=OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
subject=OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
877
From this thread, it looks like your openssl is too old
Have been fighting with TLS for a few days, realised my GitLab was running on an old debian8, upgraded to debian9. So now.
python -c "import ssl; print ssl.OPENSSL_VERSION" OpenSSL 1.1.0f 25 May 2017
So start checking/upgrading openssl, for your webhook script to run properly.
109
I have the same problem and to solve that i need to install root certificates on gitlab server.
See here how to.
1
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
