Cloning problem over SSL

ssl
clone
invalid-clone-url

#1

I have migrated a test instance to CE 4.1.2 and am unable to clone a repo from my Enterprise 3.8.3 server via SSL. The error I get in the CE GUI is: “invalid clone url for hg repository”.

The messages I see in community.log are:

2016-06-20 13:41:14.984 ERROR [rhodecode.model.validators] Url validation failed
Traceback (most recent call last):
File “/opt/rhodecode/store/bc0ram64ldq15a1s4mc8ysalwgcvxmyd-python2.7-rhodecode-enterprise-ce-4.1.2/lib/python2.7/site-packages/rhodecode/model/validators.py”, line 627, in validate_python
url_handler(repo_type, url)
File “/opt/rhodecode/store/bc0ram64ldq15a1s4mc8ysalwgcvxmyd-python2.7-rhodecode-enterprise-ce-4.1.2/lib/python2.7/site-packages/rhodecode/model/validators.py”, line 584, in url_handler
MercurialRepository.check_url(url, config)
File “/opt/rhodecode/store/bc0ram64ldq15a1s4mc8ysalwgcvxmyd-python2.7-rhodecode-enterprise-ce-4.1.2/lib/python2.7/site-packages/rhodecode/lib/vcs/backends/hg/repository.py”, line 311, in check_url
return connection.Hg.check_url(url, config.serialize())
File “/opt/rhodecode/store/bc0ram64ldq15a1s4mc8ysalwgcvxmyd-python2.7-rhodecode-enterprise-ce-4.1.2/lib/python2.7/site-packages/rhodecode/lib/vcs/exceptions.py”, line 182, in wrapper
raise _EXCEPTION_MAPkind
URLError: <urlopen error [https://campsyse:*****@rhode.it.siu.edu/Linux/zabbix] org_exc: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>>

What did I miss? Thank you in advance.


#2

Hi,

There seems to be missing some exception information, could you re-check the logs and see if there’s more in the exception logs ?


#3

I will try the last line of that block again. The page is re-formatting it.

File "/opt/rhodecode/store/bc0ram64ldq15a1s4mc8ysalwgcvxmyd-python2.7-rhodecode-enterprise-ce-4.1.2/lib/python2.7/site-packages/rhodecode/lib/vcs/exceptions.py", line 182, in wrapper
    raise _EXCEPTION_MAP[kind](*e.args)
URLError: <urlopen error [https://campsyse:*****@rhode.it.siu.edu/Linux/zabbix] org_exc: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>>

#4

Is it a self-signed certificate ?

We updated Mercurial and Python version in 4.X release and now it’s much more strict on SSL checks.

We might want to investigate if this is not a regression.


#5

No, the target certificate is a valid certificate issued by InCommon. I never had an issue with this same process in prior versions. Does python use its own CA list or root certificates?


#6

THis might be either mercurial

[web] 
cacerts = 

Is wrongly set, or Python itself. I assume importing: https://code.rhodecode.com/rhodecode-enterprise-ce
Works fine ?


#7

I get the same error messages when I try to import from that URL. It did, however work fine from my 3.8.3 Enterprise version.


#8

I’m suspecting Python update + env problem. I can import it without a problem on our test instances. Maybe system related / cert file.


#9

Thanks for your help, Marcin. I will keep searching.


#10

Hi,i have the same problem. When i am trying to clone repo, from Rhodecode 1.7 to RhodeCode CE (wia webinterface, admin concole- creating new repo- Import Existing Repository - add https://user@192.168.89.xxx/rhodecode/_127) i have next error-invalid clone url for hg repository. When i do the same from terminal by command hg clone https://user@192.168.89.xxx/rhodecode/_127 all be carrying out


#11

I am also facing the same issue. using 4.3.0 CE version. When I try to “import Existing repository” getting “invalid clone url for hg repository” exception. Able to clone from HG client. I tried to download, lower version of Rhodecode CE. But no luck (404 error). Please help to resolve the issue.
Thanks in Advance.


#12

did you check in logs what is the cause of the import ? There should be a relevant excepition in enterprise.log


#14

Hi Marcin,
Thanks for the reply. Same error as “Eriddle” mentioned in the above reply.
“org_exc: urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)”


#15

Hi,

Please help to resolve the above cloning issue. I am unable to download old versions of Rhodecode also.
Thanks in Advance.


#16

We made a ticket to investigate this with high priority with our team: https://issues.rhodecode.com/issues/4199


#17

Hi Marcin,

Thanks for the ticket. Meantime could you please help to provide the older version of Rhodecode 3.8.3 which worked for “Eriddle” or some other version.


#18

All our released versions are available, simply run rccontrol install --version=3.8.3 for both enterprise and vcsserver


#19

Hi marcin,

Is there any url to download and install offline.? I am trying the url in MANIFEST file. But it is not working.
Thanks for the support.


#20

We did a release few minutes ago, so the URLs changed. You can always refer to this file:
curl https://dls.rhodecode.com/public/linux/MANIFEST

For latest download links.


#21

Hi Marcin,

Thanks for the new MANIFEST. Now I am able to download the older version of Rhodecode(3.8.3 and other versions). But when I try to install offline. “rccontrol” not recognizing the older versions from cache folder. It is asking to download again.I am able to install 4.3.0 offline.
Below is the error.

rccontrol install VCSServer --version 3.8.3 --offline
Offline mode enabled. Using files from the local cache.
Manually download the file from an online computer and copy it to /root/.rccontrol/cache
https://dls.rhodecode.com/linux/RhodeCodeVCSServer-3.8.3+x86_64-linux_build20160812_1543.tar.bz2