buildbots with old ssl (snowleopard, mtln)
Joshua Root
jmr at macports.org
Tue May 3 23:58:33 PDT 2016
Yeah. Unfortunately there are rather a lot of not-that-old systems and
devices out there that can't use 1.1. But, also unfortunately, version
1.0 is pretty broken.
Probably the best fix on our end would be to reinstate the immediate
mirroring that used to happen from a post-commit hook. And possibly make
the build block until the mirroring is done. In fact, maybe the
mirroring could be triggered from one of the first steps in the build.
- Josh
On 2016-5-4 06:03 , Daniel J. Luke wrote:
> This is probably caused by the site now requiring TLS 1.1 or better:
>
> https://www.ssllabs.com/ssltest/analyze.html?d=openssl.org&s=194.97.150.234
>
> Since PCI compliance is requiring the phasing out of TLS 1.0 support, this is probably going to become much more common in the near future (PCI requirements tend to drive a lot of "standard" configurations even for systems that don't process credit cards).
>
>> On May 3, 2016, at 3:32 PM, Daniel J. Luke <dluke at geeklair.net> wrote:
>> It looks like the snowleopard and mtln buildbots can't download current openssl:
>>
>> DEBUG: Fetching distfile failed: Unknown SSL protocol error in connection to www.openssl.org:443
>>
>> Is it time to retire the buildbots for these old OS versions? Should we set them up to use the squid proxy I host for any https url (or just for anything if that's easier)? Some other solution?
>>
>> [Noticed from clamav build failures
>> http://build.macports.org/builders/buildports-snowleopard-x86_64/builds/41753
>> http://build.macports.org/builders/buildports-mtln-x86_64/builds/29275]
>