> Thanks, but still no joy. I've added the log, using the unmodified
> github build-script for FC30, to the BZ.
Was intrigued so started digging. Will skip the boring part. But I believe there is something else at play here. I pulled up a Fedora FC30 container to reproduce and couldn't - steps as detailed previously worked.
The key differences were the IP address redirections.
When I run the build I get redirected to https://codeload.github.com/MythTV/mythtv/tar.gz/ce373bbd14ba6270dd6097ff072ad171ac2db871 which is identical.
However for me (Australia) https://codeload.github.com resolves to 3.105.64.153. Client says hello, server says hello, everything works.
* Connection #0 to host github.com left intact
* Issue another request to this URL: 'https://codeload.github.com/MythTV/mythtv/tar.gz/ce373bbd14ba6270dd6097ff072ad171ac2db871'
* Trying 3.105.64.153:443...
* TCP_NODELAY set
* Connected to codeload.github.com (3.105.64.153) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
For John https://codeload.github.com resolves to 81.130.111.239. Client says hello, server says handshake failure, nothing works.
* Connection #0 to host github.com left intact
* Issue another request to this URL: 'https://codeload.github.com/MythTV/mythtv/tar.gz/ce373bbd14ba6270dd6097ff072ad171ac2db871'
* Trying 81.130.111.239:443...
* TCP_NODELAY set
* Connected to codeload.github.com (81.130.111.239) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS alert, handshake failure (552):
{ [2 bytes data]
Using curl -v to access 3.105.64.153 gives the following:
curl -v https://3.105.64.153/MythTV/mythtv/tar.gz/ce373bbd14ba6270dd6097ff072ad171ac2db871
* Trying 3.105.64.153:443...
* TCP_NODELAY set
* Connected to 3.105.64.153 (3.105.64.153) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.com
* start date: Jul 8 00:00:00 2019 GMT
* expire date: Jul 16 12:00:00 2020 GMT
* subjectAltName does not match 3.105.64.153
* SSL: no alternative certificate subject name matches target host name '3.105.64.153'
* Closing connection 0
* TLSv1.3 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name '3.105.64.153'
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Using curl -v to access 81.130.111.239 gives the following failure:
curl -v https://81.130.111.239/MythTV/mythtv/tar.gz/ce373bbd14ba6270dd6097ff072ad171ac2db871
* Trying 81.130.111.239:443...
* TCP_NODELAY set
* Connected to 81.130.111.239 (81.130.111.239) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, handshake failure (552):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
Something re-routing the domain to an incorrect IP address? Proxy server? Bad mirror? Incorrect server configuration?
whois reports for 81.130.111.239 say BT Public Internet Service.
whois report for 3.105.64.153 says Amazon.
Hopefully this gives someone else enough to jump in and comment?
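
An added example, not part of the original message: a small Python parser that sorts curl -v traces like the ones above by the address reached and the TLS outcome, separating a peer that rejects the ClientHello outright from a GitHub certificate that only fails the name check because the URL used an IP literal. The sample trace is abridged from the message; the function and field names are this example's own.

```python
import re

# Sample input: abridged from the curl -v traces in the message above.
SAMPLE = """\
* Connected to codeload.github.com (3.105.64.153) port 443 (#1)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* Connected to codeload.github.com (81.130.111.239) port 443 (#1)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, handshake failure (552):
* Connected to 3.105.64.153 (3.105.64.153) port 443 (#0)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.com
* subjectAltName does not match 3.105.64.153
"""

CONNECTED = re.compile(r"Connected to (\S+) \(([0-9a-fA-F.:]+)\) port (\d+)")
ALERT = re.compile(r"\(IN\), TLS alert, ([a-z ]+?) \(\d+\)")

def classify(trace):
    """Return one dict per connection: host asked for, IP reached, TLS outcome."""
    conns = []
    for line in trace.splitlines():
        m = CONNECTED.search(line)
        if m:
            conns.append({"host": m.group(1), "ip": m.group(2),
                          "server_hello": False, "outcome": "incomplete"})
            continue
        if not conns:
            continue
        c = conns[-1]
        a = ALERT.search(line)
        if "(IN), TLS handshake, Server hello" in line:
            c["server_hello"] = True
            c["outcome"] = "negotiating"
        elif a and not c["server_hello"]:
            # Fatal alert in reply to the ClientHello: the peer refused to negotiate
            c["outcome"] = "refused: " + a.group(1)
        elif "subject:" in line:
            c["subject"] = line.split("subject:", 1)[1].strip()
        elif "does not match" in line:
            # With an IP-literal URL, curl checks the certificate against the IP
            suffix = " (IP-literal URL)" if c["host"] == c["ip"] else ""
            c["outcome"] = "name mismatch" + suffix
        elif "SSL connection using" in line and c["outcome"] == "negotiating":
            c["outcome"] = "established"
    return conns
```

To test one specific address while keeping the real hostname for SNI and certificate checking, curl's `--resolve codeload.github.com:443:<address>` option pins the IP without switching the URL to an IP literal.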