69

When I try to connect to any HTTPS server with git, it gives the following error:

error: gnutls_handshake() failed: A TLS packet with unexpected length was received. while accessing ...
fatal: HTTP request failed

I think that maybe some packages that are related to gnutls_handshake have been broken. So, I want to reinstall those.

Which packages can be related to these errors? Or how do I fix this kind of error?

Damien
  • 105
  • 6
Nyambaa
  • 1,781

3 Answers3

99

Got reason of the problem, it was gnutls package. It's working weird behind a proxy. But openssl is working fine even in weak network. So workaround is that we should compile git with openssl. To do this, run the following commands:

sudo apt-get update
sudo apt-get install build-essential fakeroot dpkg-dev
sudo apt-get build-dep git
mkdir ~/git-openssl
cd ~/git-openssl
apt-get source git
dpkg-source -x git_1.7.9.5-1.dsc
cd git-1.7.9.5

(Remember to replace 1.7.9.5 with the actual version of git in your system.)

Then, edit debian/control file (run the command: gksu gedit debian/control) and replace all instances of libcurl4-gnutls-dev with libcurl4-openssl-dev.

Then build the package (if it's failing on test, you can remove the line TEST=test from the file debian/rules):

sudo apt-get install libcurl4-openssl-dev
sudo dpkg-buildpackage -rfakeroot -b

Install new package:

i386: sudo dpkg -i ../git_1.7.9.5-1_i386.deb

x86_64: sudo dpkg -i ../git_1.7.9.5-1_amd64.deb


Inspired from here: https://github.com/xmendez/wfuzz/wiki/PyCurlSSLBug

Rom098
  • 153
  • 1
  • 7
Nyambaa
  • 1,781
  • 2
    Had this same issue after upgrading to Ubuntu 14.04. This solution worked great! – vertti Apr 23 '14 at 10:34
  • 1
    Worked with Linux Mint 16, you have to go to "Software Sources" and enable sources on official repositories. You must also uninstall libcurl4-gnutls-dev and replace by libcurl4-openssl-dev prior to compiling. – Guillaume Perrot Jun 12 '14 at 09:05
  • 1
    Might help the wondering minds. If you're using 'repo' to download a repository (say android source code) and come across the gnutls-handshake problem, @Nyambaa's answer works. Repo is a script which depends on Git, so you should be good. Worked like magic on my Ubuntu 14.04 lts – KhoPhi Nov 16 '14 at 03:11
  • 1
    This also worked to solve my Android repo sync problem that was resulting in error: RPC failed; result=56, HTTP code = 200. – Xargs Jan 24 '15 at 01:20
  • 3
    Shellscript for people's (mainly my own) sanity. https://github.com/SonOfLysander/git-openssl-shellscript/blob/master/git-openssl.sh – Niko Aug 10 '15 at 23:38
  • Never seen an example like this. Worked like a charm! :D – mohit Sep 14 '15 at 16:02
  • I wonder, if my Mac OS X git version could be fixed similarly. But at least I now can use git from my Ubuntu VM with my strange remote https repository that tries to be very safe. Thanks. – PeterSom Sep 14 '15 at 16:04
  • 1
    @BCqrstoO in shellscript find .. -type f -name "git_*ubuntu*.deb" -exec sudo dpkg -i \{\} \; is overboard... sudo dpkg -i ../git_*.deb is more then sufficient. – Kevin Sep 24 '15 at 15:25
  • @kevinf Thanks for that tip! I had recently found out how to use the find command properly, and I went a bit overboard with it. I'll fix it up :) – Niko Sep 24 '15 at 21:35
  • 4
    the tests in the build step take a really long time. if you trust the git maintainers, I highly suggest following the instructions above to skip them by removing the TEST=test line from debian/rules. – Eli Albért Sep 30 '15 at 16:01
  • 1
    Fix worked for me. Be sure to add the git-core ppa to /etc/apt/sources.list if it does not exist. https://launchpad.net/~git-core/+archive/ubuntu/ppa – Eugene K Oct 05 '15 at 07:03
  • 1
    @nyambaa I am getting error in last step :(

    sudo dpkg -i ../git_2.7.4.0ubuntu1_amd64.deb dpkg: error processing archive ../git_2.7.4.0ubuntu1_amd64.deb (--install): cannot access archive: No such file or directory Errors were encountered while processing: ../git_2.7.4.0ubuntu1_amd64.deb

    – Jassi Jun 15 '16 at 13:40
  • apt-get install returns: The following packages have unmet dependencies: dpkg-dev : Depends: libdpkg-perl (= 1.17.5ubuntu5.7) but 1.18.18 is to be installed - what you can recommend? 14.04 with all updates. – Vitaly Zdanevich Jan 15 '17 at 14:01
  • You have to install libcurl4-openssl-dev before running sudo dpkg-buildpackage -rfakeroot -b – Vishnu Ks Feb 21 '17 at 13:57
  • what is source in apt-get source git command ? – anomepani Apr 12 '17 at 12:10
  • After all that (which worked) I still get that failure gnutls_handshake() failed: Error in the pull function – jcollum Jul 21 '17 at 18:51
  • work like a charm! – Sun Junwen Aug 03 '17 at 04:25
  • u had this issue on 18.04, it turns out I changed the log in password. I just reboot the machine. – janicebaratheon Jul 20 '18 at 20:58
  • sudo dpkg-buildpackage -rfakeroot -b took so much time. anyways, it works. Thanks – Rohan Khude Aug 20 '18 at 07:09
  • On Windows Bash (WSL), the sudo dpkg-buildpackage -rfakeroot -b step fails with a message fakeroot: error while starting the `faked' daemon.. This link recommends running sudo update-alternatives --set fakeroot /usr/bin/fakeroot-tcp – henry Mar 05 '20 at 08:40
9

For me, it ended up being that SSL certificate was self-signed. Give this a try

git config --global http.sslVerify false

Rick
  • 269
  • 19
    That's a terrible idea; it disables all authentication for every TLS (SSL) connection made by git, removing your protection from man-in-the-middle attacks. – cjs Aug 07 '18 at 09:36
1

This is mentioned in one of the comments to another answer but I feel it needs to be more visible https://askubuntu.com/users/177551/paul-nelson-baker has written a shell script which, for me, resolved this issue.

The script is available in his repository https://github.com/paul-nelson-baker/git-openssl-shellscript and re-compiles git with openssl instead of gnutls. Read the README for the whole story but it worked for me so thank you Paul.

glaucon
  • 203
  • 2
  • 11
  • the link is dead and thus this answer is not useful at all – eis Oct 18 '21 at 21:11
  • @eis For me each of the three links in the answer are working as I type. Perhaps you could explain which link you're referring to when you "the link" ? Thanks. – glaucon Oct 19 '21 at 01:09
  • the shellscript link, which this answer is about. Seems to work for me now as well, didn't work yesterday for some reason. However, this answer is a link-only answer regardless, so it would be good to have some contents in the answer for the case that link would stop working. – eis Oct 19 '21 at 19:47