Issue #939 resolved

Cannot authenticate when pushing via https proxy

Craig McQueen
created an issue

I'm accessing bitbucket repos via HTTPS via my company proxy. Currently everything works fine as long as it doesn't need to authenticate -- e.g. clone and pull, and push when there are no changes.

But when I try to push, and it asks for password, I type the password, then get "Authorization failed" after a 3-5 second pause.

Comments (44)

  1. Dane Glerum

    I have this issue to and it's a pretty big limitation as I can't use Bit Bucket from behind the firewall. A big roadblock for pushing uptake within my company.

  2. Craig McQueen reporter

    Dilip M: It sounds as though the issue you're having is unrelated to this one. In this issue, clients were successfully connecting via HTTPS, but getting an "Authorisation failed" error.

  3. Dilip M

    Perfect! It works :) Thank you very much! I did a two test,

    - First providing the wrong passwd - It doens't pompt, BUT IT IS OK! :)

    - Second giving the correct one. - It works

    ~ Cheers, dm

  4. Sébastien Roccaserra

    I have a problem that looks similar, hg clone works fine, but I can't push behind a proxy. My proxy and hg settings must be valid, as I can push to googlecode with the same proxy conf, and similar hg settings.

    Here's a trace of my problem:

    $ hg --version

    Mercurial Distributed SCM (version 1.3.1)

    $ hg --verbose --debug push

    using https://bitbucket.org/sroccaserra/emacs/

    proxying through http://squid:3128

    sending between command

    pushing to https://bitbucket.org/sroccaserra/emacs/

    sending capabilities command

    capabilities: unbundle=HG10GZ,HG10BZ,HG10UN branchmap lookup changegroupsubset

    sending heads command

    searching for changes

    common changesets up to 000000000000

    1 changesets found

    list of changesets:

    c8eb7a160766f147fd84150fa9df54dfa611087c

    sending unbundle command

    sending 767 bytes

    http auth: user sroccaserra, password xxxxxxxx

    abort: Error

  5. Craig McQueen reporter

    I just tried a push via HTTPS through the proxy, and it worked.

    Since this issue has re-appeared a few times now, perhaps it's worth adding a test for this to your bitbucket site development test suite, to catch it in future.

  6. Enno Luebbers

    I appear to have the same problem -- cloning a private repository through our company proxy (squid 2.5.STABLE.12) fails with 'abort: authorization failed' when using HTTP or HTTPS. Cloning a public repository which doesn't need authorization works fine.

    Any ideas?

  7. François Chenais

    Have the same error behind company proxy.

    The test from house doesn't work at all with no proxy :|

    I'm using the bitbucket.org login and password web portal.

    Am I wrong ?

  8. dev.io

    There is no proxy or firewall. But I am on wireless with DHCP IP. Password is correct because I am able to login at the website.

  9. Dylan Etkin

    Hi dev.io,

    I am going to resolve this ticket since it has such a long and sometimes unspecific nature.

    If you are currently having issues accessing bitbucket over https can you please open a support request by emailing support@bitbucket.org

    Thanks,

    Dylan

  10. Christian Sterzl
    • changed status to new

    I am behind a company proxy and can't connect via https to a private repository. Setting the repo to public works.

    The error is:

    abort: Authorization failed:

    % hg clone --verbose --insecure -- https://*****@bitbucket.org/****/**** .
    warning: bitbucket.org certificate with fingerprint e9:0d:37:6a:33:2a:58:9a:b7:c0:4f:2f:af:8d:73:5c:b8:9f:4b:3a not verified (check hostfingerprints or web.cacerts config setting)
    HTTP-Autorisierung erforderlich
    Bereich: Bitbucket.org HTTP
    Benutzer: Waxolunist
    warning: bitbucket.org certificate with fingerprint e9:0d:37:6a:33:2a:58:9a:b7:c0:4f:2f:af:8d:73:5c:b8:9f:4b:3a not verified (check hostfingerprints or web.cacerts config setting)
    warning: bitbucket.org certificate with fingerprint e9:0d:37:6a:33:2a:58:9a:b7:c0:4f:2f:af:8d:73:5c:b8:9f:4b:3a not verified (check hostfingerprints or web.cacerts config setting)
    warning: bitbucket.org certificate with fingerprint e9:0d:37:6a:33:2a:58:9a:b7:c0:4f:2f:af:8d:73:5c:b8:9f:4b:3a not verified (check hostfingerprints or web.cacerts config setting)
    warning: bitbucket.org certificate with fingerprint e9:0d:37:6a:33:2a:58:9a:b7:c0:4f:2f:af:8d:73:5c:b8:9f:4b:3a not verified (check hostfingerprints or web.cacerts config setting)
    warning: bitbucket.org certificate with fingerprint e9:0d:37:6a:33:2a:58:9a:b7:c0:4f:2f:af:8d:73:5c:b8:9f:4b:3a not verified (check hostfingerprints or web.cacerts config setting)
    warning: bitbucket.org certificate with fingerprint e9:0d:37:6a:33:2a:58:9a:b7:c0:4f:2f:af:8d:73:5c:b8:9f:4b:3a not verified (check hostfingerprints or web.cacerts config setting)
    abort: Autorisierung fehlgeschlagen
    
  11. Yung-Yu Chen
    • changed status to open

    I still can't get authenticated through proxy to clone a private repository of mine. Cloning public repository through the same proxy is fine. Mercurial version is 1.9.3 and Python version is 2.7.2. No patches applied.

    > hg clone --debug https://xxx:xxx@bitbucket.org/xxx/xxx
    using https://bitbucket.org/xxx/xxx
    proxying through http://xx.xx.xx.xx:xx
    http auth: user xxx, password ********
    sending capabilities command
    warning: bitbucket.org certificate with fingerprint xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx not verified (check hostfingerprints or web.cacerts config setting)
    http auth: user xxx, password ********
    warning: bitbucket.org certificate with fingerprint xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx not verified (check hostfingerprints or web.cacerts config setting)
    http auth: user xxx, password ********
    http auth: user xxx, password ********
    http auth: user xxx, password ********
    http auth: user xxx, password ********
    http auth: user xxx, password ********
    abort: authorization failed
    
  12. Charles McLaughlin

    @ yungyuc

    I see entries in our logs indicating your requests were in fact 401 unauthorized. Are you sure you're specifying the correct password? Can you log into bitbucket.org using the same credentials?

  13. Yung-Yu Chen

    Charles McLaughlin

    I am sure I was using the correct password. I can also log into bb by using the same credential behind the proxy.

    I now confirm that I can use clone the same repository through https from another network that uses no proxy. It seems to be safe to say that there's an authenticating issue of bb over http behind a proxy that requires authentication.

  14. Charles McLaughlin

    We do have other users who have reported problems with proxies, then later we've confirmed the problem is not on our end. Here's an example:

    https://bitbucket.org/site/master/issue/3174

    So I'm not exactly sure what to suggest. If I were in your situation I would start trying to narrow down the problem by sniffing packets.

    Does the problem happen if you clone over http (not https)? We redirect from http to https, so to test that you'll have to play some games.... Try making a new Bitbucket account with a password you don't care about since it's about to go over the wire or air in plain text. Make a new repository and push some data to the new account. You can access Bitbucket via http://hg.io/ without SSL. Try pushing to the new account/repo on the hg.io url. Does it fail there too? If so, sniff the packets and take a look at what's going on. Maybe the proxy is screwing around with your traffic?

    Now that I've typed all that, I should also mention that you should use the latest version of Mercurial if you're not already. Start with that before doing anything else. We've had some problems with long URLs that Mercurial uses behind the scenes that cause 500 errors. Maybe the proxy could compound that possible problem.

    I hope this helps and please keep us posted.

    Charles

  15. Log in to comment