Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 3283 by Bitbucket hosting service fails when using authenticated connection

What version are you running?

Seen with both 1.7.21 and 2.0 beta 3

What's the URL of the page containing the problem?

Any authenticated bitbucket API URL.  e.g.

What steps will reproduce the problem?
1. Create a private repository on Bitbucket
2. Add this repository to reviewboard giving the username and password
3. When the repository is saved an empty error message will be displayed (bitbucket returns a 401 error code, but no body text for the response)

What is the expected output? What do you see instead?

The expected behaviour is for the repository to be added, as is done for unauthenticated repositories.

What operating system are you using? What browser?

Tried on both Linux and Mac OSX using Google Chrome.

Please provide any additional information below.

The bitbucket api documentation states that HTTP basic auth is supported; however some basic testing shows that this may no longer be the case. I get a 401 Unauthorised trying to retrieve repository information using basic auth, but the same request using digest auth works fine.

$ curl -v -u 'russelh:REDACTED' ''
$curl --digest -v -u 'russelh:REDACTED'
{"scm": "git", "has_wiki": false, "last_updated": "2014-03-05T14:49:43.073", "no_forks": false, "forks_count": 0, "created_on": "2014-03-05T14:30:35.836", "owner": "rgh-reviews", "logo": "";, "email_mailinglist": "", "is_mq": false, "size": 58439, "read_only": false, "fork_of": null, "mq_of": null, "followers_count": 1, "state": "available", "utc_created_on": "2014-03-05 13:30:35+00:00", "website": "", "description": "", "has_issues": false, "is_fork": false, "slug": "rgh-reviews", "is_private": false, "name": "rgh-reviews", "language": "", "utc_last_updated": "2014-03-05 13:49:43+00:00", "email_writers": true, "no_public_forks": false, "creator": null, "resource_uri": "/1.0/repositories/rgh-reviews/rgh-reviews"}

$ curl -v -u 'russelh:REDACTED' ''
* About to connect() to port 443 (#0)
*   Trying
* connected
* Connected to ( port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* subject: businessCategory=Private Organization;;; serialNumber=3928449; street=375 Alabama St Ste 325; postalCode=94110; C=US; ST=CA; L=San Francisco; O=Atlassian, Inc.;
*        start date: 2012-01-03 00:00:00 GMT
*        expire date: 2014-03-12 12:00:00 GMT
*        subjectAltName: matched
* issuer: C=US; O=DigiCert Inc;; CN=DigiCert High Assurance EV CA-1
*        SSL certificate verify ok.
* Server auth using Basic with user 'russelh'
GET /api/1.0/repositories/rgh-reviews/rgh-reviews HTTP/1.1
Authorization: Basic REDACTED
User-Agent: curl/7.26.0
Accept: */*

* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< Server: nginx/1.5.10
< Date: Wed, 05 Mar 2014 21:32:13 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 0
< Connection: keep-alive
< X-Served-By: app01
< X-Render-Time: 0.401180028915
< Content-Language: en
< X-Static-Version: e6bd9f5793a0
< Vary: Accept-Language, Cookie
< X-Version: e29e06e0b6a9
< ETag: "d41d8cd98f00b204e9800998ecf8427e"
< X-Request-Count: 317
< X-Frame-Options: SAMEORIGIN
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm=" API"
* Connection #0 to host left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

You received this message because this project is configured to send all issue notifications to this address.
You may adjust your notification preferences at:

You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
Visit this group at
For more options, visit

Reply via email to