Comments (11)
Yes, and that is also supposed to work when you don't have sudo
access I think.
from mbedtls.jl.
Prior versions did, master does not. That's a cache server failure, cc @staticfloat
from mbedtls.jl.
It's failing on the second download; e.g. the fastly/AWS server connection. Steps to reproduce:
$ docker run -ti quay.io/travisci/travis-ruby /bin/bash
root@1b0d11fe155c:/# curl -v -L -o /dev/null 'https://julialangcache-s3.julialang.org/'
* About to connect() to julialangcache-s3.julialang.org port 443 (#0)
* Trying 151.101.54.49... % Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0connected
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS alert, Server hello (2):
{ [data not shown]
* error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
* Closing connection #0
curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Connecting directly to S3 works however:
root@1b0d11fe155c:/# curl -v -L -o /dev/null 'https://julialangcache.s3.amazonaws.com/'
... Lots of happy output ....
This is due to the fact that Fastly only supports TLS (and, starting today, only TLS version 1.2+) and the curl
that comes with the precise
images of Travis are too old to support this; they only support TLS 1.0.
from mbedtls.jl.
Good digging. Guess we could maybe do checksum verification but disable certificate checking in the curl call, would that help?
from mbedtls.jl.
We can also run this:
$ sudo apt-get update && sudo apt-get upgrade -y libssl1.0.0
That is sufficient to get libssl1.0.0
updated to the point that it'll talk to our servers.
from mbedtls.jl.
oh, ubuntu backported that? could try using the apt addon https://docs.travis-ci.com/user/installing-dependencies/#Adding-APT-Packages to avoid needing platform conditionals around it
from mbedtls.jl.
right. and sooner or later travis may change their default to 14.04, though I wonder whether people on centos 6 or other similarly old distros may have issues here. python was complaining at me about something related a while back, I forget the exact details though.
from mbedtls.jl.
@tkelman
Hi, thanks for your reply.
I guess 0.3.0 is the newest version which supports Julia 0.4, is that right?
from mbedtls.jl.
I wonder whether people on centos 6 or other similarly old distros may have issues here.
If I docker run -ti centos:6
, I can curl
just fine, so I think it's just a matter of people upgrading their outdated distros with the backported libssl
packages. centos:5
doesn't work though, and I can't yum update
to see if it's been backported because it looks like CentOS 5 is officially EOL'ed and the repos are gone.
from mbedtls.jl.
And the buildbots are indeed hitting this. Not good.
from mbedtls.jl.
@quinnj obsolete issue? should be closed?
from mbedtls.jl.
Related Issues (20)
- MbedTLS_jll started failing to load HOT 10
- Cannot create SSLConfig from a single pfx file HOT 1
- Base.lock and Base.unlock not implemented for SSLContext HOT 5
- LoadError: InitError: could not load library "libmbedcrypto.so.5" HOT 1
- Delay after initial write
- No example or function to create an SSLConfig where you need a cert as a client
- TagBot trigger issue HOT 17
- Failure in multi-threaded application with GoogleCloud.jl and HTTP.jl HOT 8
- Init error when running relocatable app HOT 1
- MbedTLS 1.1.1 breaks S3.put_object() HOT 17
- MbedTLS 1.1.1 causing issues for authentication on Azure HOT 14
- Cannot find cert.pem in compiled applications HOT 4
- possible performance issue: tiny packets? HOT 3
- possible performance issue: mbedtls_gcm_update CPU utilization HOT 2
- MbedException or IOError? HOT 1
- `encrypt` method mentioned in the documentation does not actually work
- CPU use skyrockets and program bricks when connection closed by server
- MethodError on findfirst instead of "Certificate verification failed" HOT 2
- MbedTLS changed ABI HOT 1
- Feature Request: add support for TLS PSK (pre-shared key)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mbedtls.jl.