[Git Note] & quot; error: 0D0890A1: asn1 encoding routines: ASN1_verify: unknown message digest algorithm & quot; solution, messagedigest

[Git Note] "error: 0D0890A1: asn1 encoding routines: ASN1_verify: unknown message digest algorithm" solution, messagedigest

Note:The premise described in this note is that git has been successfully installed on the machine and supports obtaining remote repositories through https by configuring the ca certificate. If you encounter the problem described in this article when using git, then we can solve the problem according to the solution provided in that article.

When clone repo from github recently, the git clone Command reports the following error (using the vim Code Completion plug-in youcompleteme as an example ):

$ git clone https://github.com/Valloric/YouCompleteMe.gitCloning into 'YouCompleteMe'...fatal: unable to access 'https://github.com/Valloric/YouCompleteMe.git/': error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm

Because the bottom layer of git uses the locally installed curl to fetch remote repo, we can open the curl debugging option to view specific errors:

$ export GIT_CURL_VERBOSE=1$ git clone https://github.com/Valloric/YouCompleteMe.gitCloning into 'YouCompleteMe'...* Couldn't find host github.com in the .netrc file, using defaults* About to connect() to github.com port 443*   Trying 192.30.252.129... * connected* Connected to github.com (192.30.252.129) port 443* successfully set certificate verify locations:*   CAfile: /home/slvher/tools/https-ca/github-ca/ca-bundle.crt  CApath: none* error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm* Closing connection #0fatal: unable to access 'https://github.com/Valloric/YouCompleteMe.git/': error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm

From the verbose output, we can see that git has successfully connected github.com with curl. However, when cloning remote repo in https mode, the locally configured CAfile cannot identify the ssl authentication algorithm provided by github, therefore, this session fails to exit.
According to stackoverflow's post (Can not use "git pull" beacause of some error), github uses the sha256 Algorithm in ssl authentication for https, this sha256 algorithm is introduced from version 0.9.8o by openssl.
Run the following command to verify the openssl version on my machine (the unified development environment of the company). It turns out that it is 0.9.7a. This version does not support the sha256 algorithm adopted by github...

$ python -c 'import ssl; print ssl.OPENSSL_VERSION'OpenSSL 0.9.7a Feb 19 2003

The cause of the error reported by git clone is clear, and the solution is clear. You can perform the following steps to fix the problem.

1. Update the openssl library on the machine to v0.9.8o or later.
A. Download the license from the opensslofficial network. For example, I download openssl-1.0.1j.tar.gz.
B. decompress the compressed package downloaded in the previous step, and cd to the decompressed directory.
C. Execute the following command on the Current shell Terminal

$ Export CFLAGS = "-fPIC" $. /config shared -- openssldir =/home/slvher/tools/openssl-1.0.1j/# No root permission, so openssldir specifies the custom installation path $ make depend $ make all $ make install

After openssl source code is compiled/installed successfully, you can view the following directory structure in the directory specified by openssldir.

$ ls bin  certs  include  lib  man  misc  openssl.cnf  private

The shared library libssl. so file we need is in the lib directory.
Note 1:When updating the version, pay attention to the heartbleed vulnerability for openssl version 1.0.1 that broke out in April 2014. Therefore, you need to download openssl ver 1.0.1g or later.
NOTE 2:In this step, the installation of openssl to the non-system default directory is because I do not have the root permission and cannot overwrite the default openssl version of the system. The upgrade may also affect other users on the machine. This also directly causes the solution in this article to complete the following three steps.

2. recompile curl or replace the openssl shared library on which curl depends
Obviously, it is more convenient to directly replace libssl. so on which curl depends than to re-compile curl by source code. LD_PRELOAD can be used for the purpose:

$ Export LD_PRELOAD =/home/slvher/tools/openssl-1.0.1j/lib/libssl. so:/home/Server Load balancer/tools/openssl-1.0.1j/lib/libcrypto. so $ python-c 'import ssl; print ssl. openssl_version' # verify whether the replacement is successful. The output of my machine is OpenSSL 1.0.1j 15 Oct 2014. It can be seen that the replacement is successful.

3. Verify that git clone can be successfully executed

$ git clone https://github.com/Valloric/YouCompleteMe.gitCloning into 'YouCompleteMe'...remote: Counting objects: 29685, done.remote: Compressing objects: 100% (3/3), done.remote: Total 29685 (delta 0), reused 0 (delta 0)Receiving objects: 100% (29685/29685), 28.81 MiB | 5.77 MiB/s, done.Resolving deltas: 100% (9501/9501), done.Checking connectivity... done.

So far, the goal is achieved. Wonderful World ^_^

4. automate the process of replacing the openssl library
Step 2: Set the environment variable LD_PRELOAD to update the libssl. so shared library version that curl depends on. However, this replacement action is only valid for the session of the current terminal. When the session window is closed or switched to another window, an error occurs when git clone is executed.
One way to automate this replacement operation is in ~ /. Bash_profile set LD_PRELOAD to the path of the new version libssl. so and export the variable. However, this method may affect all modules of the current user.
Here I use the bash alias command to rewrite the git clone action:
1) Open ~ /. Bashrc File
2) Set alias for git commands

alias git='export LD_PRELOAD=/home/slvher/tools/openssl-1.0.1j/lib/libssl.so:/home/slvher/tools/openssl-1.0.1j/lib/libcrypto.so; git'

3) Save and exit
4) execute source ~ in other terminal windows ~ /. Bashrc
5) Verify that git clone is normal and can be verified in this window. The alias setting is successful.

At this point, the success is finally achieved.

[References]
1. stackoverflow: Can not use "git pull" beacause of some error
2. OpenSSL Doc: Compilation and Installation
3. wikipedia: Heartbleed

====================================== EOF ======================== ==============