MbedTLS had build errors in julia 0.4 about mbedtls.jl HOT 11 CLOSED

Yes, and that is also supposed to work when you don't have sudo access I think.

from mbedtls.jl.

Prior versions did, master does not. That's a cache server failure, cc @staticfloat

from mbedtls.jl.

It's failing on the second download; e.g. the fastly/AWS server connection. Steps to reproduce:

$ docker run -ti quay.io/travisci/travis-ruby /bin/bash
root@1b0d11fe155c:/# curl -v -L -o /dev/null 'https://julialangcache-s3.julialang.org/'
* About to connect() to julialangcache-s3.julialang.org port 443 (#0)
*   Trying 151.101.54.49...   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0connected
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS alert, Server hello (2):
{ [data not shown]
* error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
* Closing connection #0
curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

Connecting directly to S3 works however:

root@1b0d11fe155c:/# curl -v -L -o /dev/null 'https://julialangcache.s3.amazonaws.com/'
... Lots of happy output ....

This is due to the fact that Fastly only supports TLS (and, starting today, only TLS version 1.2+) and the curl that comes with the precise images of Travis are too old to support this; they only support TLS 1.0.

from mbedtls.jl.

Good digging. Guess we could maybe do checksum verification but disable certificate checking in the curl call, would that help?

from mbedtls.jl.

We can also run this:

$ sudo apt-get update && sudo apt-get upgrade -y libssl1.0.0

That is sufficient to get libssl1.0.0 updated to the point that it'll talk to our servers.

from mbedtls.jl.

oh, ubuntu backported that? could try using the apt addon https://docs.travis-ci.com/user/installing-dependencies/#Adding-APT-Packages to avoid needing platform conditionals around it

from mbedtls.jl.

right. and sooner or later travis may change their default to 14.04, though I wonder whether people on centos 6 or other similarly old distros may have issues here. python was complaining at me about something related a while back, I forget the exact details though.

from mbedtls.jl.

@tkelman
Hi, thanks for your reply.
I guess 0.3.0 is the newest version which supports Julia 0.4, is that right?

from mbedtls.jl.

I wonder whether people on centos 6 or other similarly old distros may have issues here.

If I docker run -ti centos:6, I can curl just fine, so I think it's just a matter of people upgrading their outdated distros with the backported libssl packages. centos:5 doesn't work though, and I can't yum update to see if it's been backported because it looks like CentOS 5 is officially EOL'ed and the repos are gone.

from mbedtls.jl.

And the buildbots are indeed hitting this. Not good.

from mbedtls.jl.

@quinnj obsolete issue? should be closed?

from mbedtls.jl.