Debian: git error gnutls_handshake() failed: Public key signature verification has failed.

Hi,

I’m on debian testing and cloning from a git repository fails with error: “gnutls_handshake() failed: Public key signature verification has failed” occured.
git is linked against the libcurl3-gnutls library. Newer versions have a bug when using git over a https proxy.


Possible solutions is to downgrade curl and libcurl3-gnutls to on older version (debian jessie) which is known to work.

Add the jessie repository (I’m on debian testing) /etc/apt/sources.list.d/jessie.list

deb http://cdn.debian.net/debian/ jessie main contrib non-free

root@devdeb ~# apt-get update
root@debdev:~# dpkg -l|grep curl
ii  curl                      7.50.1-1 command line ...
ii  libcurl3:amd64            7.50.1-1 easy-to-use ...
ii  libcurl3-gnutls:amd64     7.50.1-1 easy-to-use ...
ii  libcurl4-gnutls-dev:amd64 7.50.1-1 development ...

Remove the package. This also removes git.

apt-get remove libcurl3-gnutls
root@debdev:/etc/apt/sources.list.d# apt-cache policy libcurl3-gnutls
libcurl3-gnutls:
  Installiert:           (keine)
  Installationskandidat: 7.50.1-1
  Versionstabelle:
     7.50.1-1 500
        500 http://ftp.uni-erlangen.de/debian testing/main amd64 Packages
     7.38.0-4+deb8u4 500
        500 http://cdn.debian.net/debian jessie/main amd64 Packages

Install older package from jessie

root@devdeb ~# apt-get install libcurl3-gnutls=7.38.0-4+deb8u4 

or

root@devdeb ~# apt-get -t=jessie install libcurl3-gnutls

Leave package untouched (hold flag is set) on update

root@devdeb ~# apt-mark hold libcurl3-gnutls
root@devdeb ~# dpkg -l |gnutls
hi  libcurl3-gnutls:amd64 7.38.0-4+deb8u4

Install git again.

root@devdeb ~# apt-get install git

Clone the repository

michael@devdeb ~ $ git clone http://github.com/sparkfun/Pocket_AVR_Programmer
remote: Counting objects: 141  , done.
remote: Total 141 (delta 0), reused 0 (delta 0), pack-reused 141
Empfange Objekte: 100% (141/141), 6.40 MiB | 8.00 KiB/s, Fertig.

Michael

Other useful commands

apt-get install apt-show-versions
apt-cache madison libcurl3-gnutls
apt-cache showpkg curl

4 thoughts on “Debian: git error gnutls_handshake() failed: Public key signature verification has failed.”

  1. Thanks, that did the trick.
    I didn’t actually have to remove the packages though, I just did
    apt-get install libcurl3-gnutls=7.38.0-4+deb8u4
    and it automatically downgraded that package without removing dependencies (i.e. git) so I didn’t have to reinstall

Leave a Reply Cancel reply