Cannot push when SSL configured

Issue #1010 open
Mario X
created an issue

Pulling from server works well, pushing is rolled back at the end of operation.

Error message: remote: <urlopen error [Errno 8] _ssl.c:507: EOF occurred in violation of protocol>transaction abort!

Log of command

 hg --debug --verbose push --insecure --new-branch https://10.0.3.155:81/scm/hg/MAINREPO
pushing to https://10.0.3.155:81/scm/hg/MAINREPO
using https://10.0.3.155:81/scm/hg/MAINREPO
proxying through http://a:***@10.1.0.26/
sending capabilities command
using auth.10.0.3.155.* for authentication
10.0.3.155 certificate matched fingerprint sha256:44:f8:cc:03:b5:f4:76:3c:4d:5c:75:dd:03:06:25:13:da:48:08:96:be:7a:6e:b8:7b:57:14:c3:5b:3c:f5:1e
using auth.10.0.3.155.* for authentication
http auth: user MyName, password ***************
using auth.10.0.3.155.* for authentication
10.0.3.155 certificate matched fingerprint sha256:44:f8:cc:03:b5:f4:76:3c:4d:5c:75:dd:03:06:25:13:da:48:08:96:be:7a:6e:b8:7b:57:14:c3:5b:3c:f5:1e
query 1; heads
sending batch command
using auth.10.0.3.155.* for authentication
searching for changes
all remote heads known locally
preparing listkeys for "phases"
sending listkeys command
using auth.10.0.3.155.* for authentication
received listkey for "phases": 15 bytes
checking for updated bookmarks
preparing listkeys for "bookmarks"
sending listkeys command
using auth.10.0.3.155.* for authentication
received listkey for "bookmarks": 0 bytes
sending branchmap command
using auth.10.0.3.155.* for authentication
preparing listkeys for "bookmarks"
sending listkeys command
using auth.10.0.3.155.* for authentication
received listkey for "bookmarks": 0 bytes
10 changesets found
list of changesets:
12cc8d6475fdfe42dcf6b2c10f653ee4fef916ce
7f52ab8cf442780a493b5fa96db3c78c67af9662
e753955f9b35a01944d2bbebdce20a5dd7be8532
9fa8e819d5402da1dc82b8318de8a5bb4293ea90
04d888907ba6856f8c3dd1035b45182ccbad2807
0f06c31f659f844b91bcfa7a1f3c697cb052e888
73a0304b17eb45cbc0807a127fd6e4e138e6bf2c
a0e7f3f03d9c581d5cd14382bad2458254b898c3
0e56cb68b2fcdde889c7d164edf17590a027df5a
abe17755e8e04a63397ed195936d4346116d5181
sending unbundle command
sending 14781 bytes
using auth.10.0.3.155.* for authentication
remote: adding changesets
remote: adding manifests
remote: adding file changes
remote: added 10 changesets with 6 changes to 6 files (-2 heads)
remote: <urlopen error [Errno 8] _ssl.c:507: EOF occurred in violation of protocol>transaction abort!
remote: rollback completed
preparing listkeys for "phases"
sending listkeys command
using auth.10.0.3.155.* for authentication
received listkey for "phases": 15 bytes

Comments (3)

  1. Mario X reporter

    When I removed in server-config.xml in <Call name="addConnector"> section element

           <Arg>
           <!--
           Exclude SSLv3 to avoid POODLE vulnerability.
           See https://groups.google.com/d/msg/scmmanager/sX_Ydy-wAPA/-Dvs5i7RHtQJ
            -->
             <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
               <Set name="excludeProtocols">
                 <Array type="java.lang.String">
                   <Item>SSLv2Hello</Item>
                   <Item>SSLv3</Item>
                 </Array>
               </Set>
             </New>
          </Arg>
    

    it started working.

  2. Sebastian Sdorra repo owner
    • changed status to open

    You could also try to disable the ssl validation for mercurial hooks (in scm mercurial configuration, introduced with version 1.58), because enabling SSLv3 could be a security risk.

  3. Log in to comment