fetch timeout

Chris Jones jonesc at hep.phy.cam.ac.uk
Fri Jul 15 14:44:05 UTC 2022



On 15/07/2022 3:30 pm, Mark Brethen wrote:
> I was trying to say that I skipped versions and upgraded from high 
> sierra to big sur. 

Ah ha. So I read something completely different from "Other than 
updating the system from High Sierra, nothing else"...

Indeed it looks like you are on macOS 11..

For reference what I get on macOS12 with curl -v is below..

How old is your  /etc/ssl/cert.pem ?

 > ls -lth  /etc/ssl/cert.pem
-rw-r--r--  1 root  wheel   326K  9 May 22:30 /etc/ssl/cert.pem

what is yor system curl version ?

Oberon ~/Projects/MacPorts/ports > /usr/bin/curl --version
curl 7.79.1 (x86_64-apple-darwin21.0) libcurl/7.79.1 (SecureTransport) 
LibreSSL/3.3.6 zlib/1.2.11 nghttp2/1.45.1
Release-Date: 2021-09-22
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap 
ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS GSS-API HSTS HTTP2 HTTPS-proxy IPv6 Kerberos 
Largefile libz MultiSSL NTLM NTLM_WB SPNEGO SSL UnixSockets

Chris

/usr/bin/curl -L -v -o tetgen1.5.1.tar.gz 
https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz 

   % Total    % Received % Xferd  Average Speed   Time    Time     Time 
Current
                                  Dload  Upload   Total   Spent    Left 
Speed
   0     0    0     0    0     0      0      0 --:--:-- --:--:-- 
--:--:--     0*   Trying 62.141.177.111:443...
* Connected to wias-berlin.de (62.141.177.111) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
} [319 bytes data]
   0     0    0     0    0     0      0      0 --:--:-- --:--:-- 
--:--:--     0* (304) (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* (304) (IN), TLS handshake, Unknown (8):
{ [21 bytes data]
* (304) (IN), TLS handshake, Certificate (11):
{ [5159 bytes data]
* (304) (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* (304) (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* (304) (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=DE; ST=Berlin; L=Berlin; O=Forschungsverbund Berlin e.V.; 
OU=Weierstrass-Institut f. Angewandte Analysis u. Stochastik (WIAS); 
OU=RT; CN=www.wias-berlin.de
*  start date: Aug  4 13:43:33 2021 GMT
*  expire date: Sep  4 13:43:33 2022 GMT
*  subjectAltName: host "wias-berlin.de" matched cert's "wias-berlin.de"
*  issuer: C=DE; O=Verein zur Foerderung eines Deutschen 
Forschungsnetzes e. V.; OU=DFN-PKI; CN=DFN-Verein Global Issuing CA
*  SSL certificate verify ok.
 > GET /software/tetgen/1.5/src/tetgen1.5.1.tar.gz HTTP/1.1
 > Host: wias-berlin.de
 > User-Agent: curl/7.79.1
 > Accept: */*
 >
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Fri, 15 Jul 2022 14:35:54 GMT
< Server: Apache-Coyote/1.1
< Strict-Transport-Security: max-age=63072000
< Accept-Ranges: bytes
< ETag: W/"282433-1534863100000"
< Last-Modified: Tue, 21 Aug 2018 14:51:40 GMT
< Content-Type: application/x-gzip
< Content-Length: 282433
<
{ [7906 bytes data]
100  275k  100  275k    0     0   742k      0 --:--:-- --:--:-- --:--:-- 
  761k
* Connection #0 to host wias-berlin.de left intact


As to the version, is it 10.16 or 11? System profiler
> says this:
> 
> *System Software Overview:*
> 
>    System Version:macOS 11.6.7 (20G630)
>    Kernel Version:Darwin 20.6.0
>    Boot Volume:Macintosh HD
>    Boot Mode:Normal
>    Computer Name:brethen-air
>    User Name:Mark Brethen (marbre)
>    Secure Virtual Memory:Enabled
>    System Integrity Protection:Enabled
>    Time since boot:10 days 18:45
> 
> Mark Brethen
> mark.brethen at gmail.com <mailto:mark.brethen at gmail.com>
> 
> 
> 
>> On Jul 15, 2022, at 9:23 AM, Chris Jones <jonesc at hep.phy.cam.ac.uk 
>> <mailto:jonesc at hep.phy.cam.ac.uk>> wrote:
>>
>>
>>
>> On 15/07/2022 3:20 pm, Mark Brethen wrote:
>>> I have big sur installed (In the ‘About This Mac’ it lists 
>>> ‘Version11.6.7')
>>
>> Sorry but you are being damn confusing. Why did you then mention 'High 
>> Sierra' as your OS below ????
>>
>> If you truly do have macOS11 installed, fully up to date, then I am 
>> very surprised you are seeing SSL issues.... can anyone else on this 
>> OS confirm if they see the same issue...
>>
>>> Mark Brethen
>>> mark.brethen at gmail.com <mailto:mark.brethen at gmail.com>
>>>> On Jul 15, 2022, at 9:14 AM, Chris Jones <jonesc at hep.phy.cam.ac.uk> 
>>>> wrote:
>>>>
>>>>
>>>>
>>>> On 15/07/2022 3:08 pm, Mark Brethen wrote:
>>>>> ~ $ /usr/bin/curl -L -v -o tetgen1.5.1.tar.gz 
>>>>> https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz 
>>>>> <https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz>
>>>>>   % Total    % Received % Xferd  Average Speed   Time    Time 
>>>>>     Time  Current
>>>>>                                  Dload  Upload   Total   Spent 
>>>>>    Left  Speed
>>>>>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- 
>>>>> --:--:--     0*   Trying 62.141.177.111...
>>>>> * TCP_NODELAY set
>>>>> * Connected to wias-berlin.de <http://wias-berlin.de> 
>>>>> (62.141.177.111) port 443 (#0)
>>>>> * ALPN, offering h2
>>>>> * ALPN, offering http/1.1
>>>>> * successfully set certificate verify locations:
>>>>> *   CAfile: /etc/ssl/cert.pem
>>>>>   CApath: none
>>>>> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
>>>>> } [228 bytes data]
>>>>> * TLSv1.2 (IN), TLS handshake, Server hello (2):
>>>>> { [59 bytes data]
>>>>> * TLSv1.2 (IN), TLS handshake, Certificate (11):
>>>>> { [6122 bytes data]
>>>>> * TLSv1.2 (IN), TLS alert, handshake failure (552):
>>>>> { [2 bytes data]
>>>>> * error:14008410:SSL routines:CONNECT_CR_KEY_EXCH:sslv3 alert 
>>>>> handshake failure
>>>>>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- 
>>>>> --:--:--     0
>>>>> * Closing connection 0
>>>>> curl: (35) error:14008410:SSL routines:CONNECT_CR_KEY_EXCH:sslv3 
>>>>> alert handshake failure
>>>>> Other than updating the system from High Sierra, nothing else. It 
>>>>> sounds like I may need to update my certificates?
>>>>
>>>> Oh.... You said you where on macOS 11... I guess that was incorrect 
>>>> and you really mean OSX 10.11 or.... what ? High Sierra is OSX 10.13 
>>>> ... Please try and be precise in your OS version as in this case it 
>>>> really makes a difference...
>>>>
>>>> So, assuming you are on 10.11, or 10.13... That OS is indeed old and 
>>>> known to have SSL issues. The best solution is indeed to upgrade to 
>>>> a newer OS (for many many reasons...)
>>>>
> 


More information about the macports-dev mailing list