fetch timeout

Mark Brethen mark.brethen at gmail.com
Tue Jul 19 09:58:00 UTC 2022 

Please tell me why fetch still fails when /usr/bin/curl succeeds in terminal?

:notice:fetch --->  Attempting to fetch tetgen1.5.1.tar.gz from http://wias-berlin.de/software/tetgen/1.5/src/
:debug:fetch Fetching distfile failed: error:14008410:SSL routines:CONNECT_CR_KEY_EXCH:sslv3 alert handshake failure

Mark Brethen
mark.brethen at gmail.com



> On Jul 19, 2022, at 4:46 AM, Mark Brethen <mark.brethen at gmail.com> wrote:
> 
> HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses. Use HTTP instead:
> 
> ~ $ cd Downloads
> Downloads $ /usr/bin/curl -vO http://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz <http://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz>
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>                                  Dload  Upload   Total   Spent    Left  Speed
>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 62.141.177.111...
> * TCP_NODELAY set
> * Connected to wias-berlin.de <http://wias-berlin.de/> (62.141.177.111) port 80 (#0)
> > GET /software/tetgen/1.5/src/tetgen1.5.1.tar.gz HTTP/1.1
> > Host: wias-berlin.de <http://wias-berlin.de/>
> > User-Agent: curl/7.64.1
> > Accept: */*
> > 
> < HTTP/1.1 301 Moved Permanently
> < Date: Tue, 19 Jul 2022 09:37:56 GMT
> < Server: Apache
> < Location: https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz <https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz>
> < Content-Length: 273
> < Content-Type: text/html; charset=iso-8859-1
> < 
> { [273 bytes data]
> 100   273  100   273    0     0    291      0 --:--:-- --:--:-- --:--:--   291
> * Connection #0 to host wias-berlin.de <http://wias-berlin.de/> left intact
> * Closing connection 0
> 
> Mark Brethen
> mark.brethen at gmail.com <mailto:mark.brethen at gmail.com>
> 
> 
> 
>> On Jul 18, 2022, at 11:56 AM, Mark Brethen <mark.brethen at gmail.com <mailto:mark.brethen at gmail.com>> wrote:
>> 
>> It’s more likely that curl 7.64.1 succeeds to connect while openssl 2.8.3 fails with alert number 40 (see below). It might be related to the server which has several virtual hosts. openssl 3.0.5 (mp) seems to handle it fine compared to openssl 2.8.3.
>> 
>> Downloads $ openssl version
>> OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)
>> 
>> Downloads $ openssl s_client -connect wias-berlin.de:443 <http://wias-berlin.de:443/> -servername wias-berlin.de <http://wias-berlin.de/>
>> CONNECTED(00000005)
>> depth=3 C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2
>> verify return:1
>> depth=2 C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Certification Authority 2
>> verify return:1
>> depth=1 C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Global Issuing CA
>> verify return:1
>> depth=0 C = DE, ST = Berlin, L = Berlin, O = Forschungsverbund Berlin e.V., OU = Weierstrass-Institut f. Angewandte Analysis u. Stochastik (WIAS), OU = RT, CN = www.wias-berlin.de <http://www.wias-berlin.de/>
>> verify return:1
>> 
>> Downloads $ /usr/bin/openssl version
>> LibreSSL 2.8.3
>> 
>> Downloads $ /usr/bin/openssl s_client -connect wias-berlin.de:443 <http://wias-berlin.de:443/> -servername wias-berlin.de <http://wias-berlin.de/>
>> CONNECTED(00000005)
>> depth=3 C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2
>> verify return:1
>> depth=2 C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Certification Authority 2
>> verify return:1
>> depth=1 C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Global Issuing CA
>> verify return:1
>> depth=0 C = DE, ST = Berlin, L = Berlin, O = Forschungsverbund Berlin e.V., OU = Weierstrass-Institut f. Angewandte Analysis u. Stochastik (WIAS), OU = RT, CN = www.wias-berlin.de <http://www.wias-berlin.de/>
>> verify return:1
>> 4381900460:error:14008410:SSL routines:CONNECT_CR_KEY_EXCH:sslv3 alert handshake failure:/System/Volumes/Data/SWE/macOS/BuildRoots/880a0f6e74/Library/Caches/com.apple.xbs/Sources/libressl/libressl-56.60.4/libressl-2.8/ssl/ssl_pkt.c:1200:SSL alert number 40
>> 4381900460:error:140080E5:SSL routines:CONNECT_CR_KEY_EXCH:ssl handshake failure:/System/Volumes/Data/SWE/macOS/BuildRoots/880a0f6e74/Library/Caches/com.apple.xbs/Sources/libressl/libressl-56.60.4/libressl-2.8/ssl/ssl_pkt.c:585:
>> ---
>> 
>> 
>> 
>> Mark
>> 
>> 
>> 
>>> On Jul 18, 2022, at 8:11 AM, Mark Brethen <mark.brethen at gmail.com <mailto:mark.brethen at gmail.com>> wrote:
>>> 
>>> wias-berlin.de <http://wias-berlin.de/>
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-dev/attachments/20220719/ed95cdc3/attachment-0001.htm>

More information about the macports-dev mailing list