I just installed Antergos, an Arch-based distribution. Then I installed a few packages with pacman. Now, after a reboot, I am getting SSL errors when trying to clone with git.
fatal: unable to access 'https://[email protected]/xxx/yyyy.git/': error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Also, curl to any https URL does not work.
curl https://google.com
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
curl seems to be the latest version.
$ curl --version
curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.0g zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
$ pacman -Q | egrep 'ssl|curl'
curl 7.58.0-1
openssl 1.1.0.g-1
openssl-1.0 1.0.2.n-1
python-pycurl 7.43.0.1-1
$ ldd `which curl`
linux-vdso.so.1 (0x00007ffdccee9000)
libcurl.so.4 => /usr/lib/libcurl.so.4 (0x00007fe06a5a5000)
libpthread.so.0 => /usr/lib/libpthread.so.0 (0x00007fe06a387000)
libc.so.6 => /usr/lib/libc.so.6 (0x00007fe069fd0000)
libnghttp2.so.14 => /usr/lib/libnghttp2.so.14 (0x00007fe069dab000)
libidn2.so.0 => /usr/lib/libidn2.so.0 (0x00007fe069b8e000)
libpsl.so.5 => /usr/lib/libpsl.so.5 (0x00007fe069980000)
libssl.so.1.1 => /usr/lib/libssl.so.1.1 (0x00007fe069716000)
libcrypto.so.1.1 => /usr/lib/libcrypto.so.1.1 (0x00007fe069299000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00007fe06904b000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00007fe068d63000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00007fe068b30000)
libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x00007fe06892c000)
libz.so.1 => /usr/lib/libz.so.1 (0x00007fe068715000)
/lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007fe06aa4a000)
libunistring.so.2 => /usr/lib/libunistring.so.2 (0x00007fe068393000)
libdl.so.2 => /usr/lib/libdl.so.2 (0x00007fe06818f000)
libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x00007fe067f82000)
libkeyutils.so.1 => /usr/lib/libkeyutils.so.1 (0x00007fe067d7e000)
libresolv.so.2 => /usr/lib/libresolv.so.2 (0x00007fe067b67000)
I am behind a proxy.
$ proxytunnel -p PROXY_IP:PROXY_PORT -d www.google.com:443 -a 7000
$ openssl s_client -connect localhost:7000
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = www.google.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
i:/C=US/O=Google Inc/CN=Google Internet Authority G2
1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3790 bytes and written 261 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-CHACHA20-POLY1305
Session-ID: BEE4D8162570B4AB0C8121DEC5756B6DC063DB3E7321BB58FD12D566482AD99A
Session-ID-ctx:
Master-Key: B050C78AAC1A0DF5063263DDCD3437CD3A4029E7D5431E236936D2D88AAAD2555A18D92318C9E2E31A550E339D4C26A8
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 100800 (seconds)
TLS session ticket:
Start Time: 1519286347
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
read:errno=0
What is the solution?
Update
I can confirm this is necessarily a curl problem. When I switch off the proxy and connect directly, curl over https works. I configured another proxy server IP and port from the link and tried to connect curl through that proxy; I get the same error. So either this curl version has a bug or many proxy servers are misconfigured.
Update
I think the problem is related to the Deepin DE. I switched from the Deepin Desktop Environment to standard GNOME and curl started working fine. Possibly this is a bug related to Deepin's network settings, although it sets the environment variables correctly.
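An added diagnostic sketch, not part of the original post: the curl build shown above lists the HTTPS-proxy feature, so a proxy URL starting with https:// makes curl open TLS to the proxy itself, and a plain-HTTP proxy answering in cleartext is then parsed as a TLS record with a bad version. That this is the cause here is an assumption the post does not confirm; the function names, the 192.0.2.10 address and the sample bytes are constructed for illustration.

```python
import struct

# TLS record content types: change_cipher_spec, alert, handshake, application_data.
TLS_CONTENT_TYPES = {20, 21, 22, 23}
# Environment variables curl consults when choosing a proxy for an https:// URL.
PROXY_VARS = ("https_proxy", "HTTPS_PROXY", "all_proxy", "ALL_PROXY")


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a peer sends back after a ClientHello."""
    if len(data) < 5:
        return "too-short"
    # TLS record header: 1-byte type, 2-byte version, 2-byte length.
    ctype, major, minor, _length = struct.unpack("!BBBH", data[:5])
    if ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4:
        return "tls-record"
    if data[:5] == b"HTTP/":
        # 'H' lands in the type field and 'TT' in the version field,
        # which a TLS client reports as a wrong version number.
        return "plaintext-http"
    return "not-tls"


def tls_to_proxy_vars(env: dict) -> list:
    """Return the proxy variables whose URL makes curl speak TLS to the proxy."""
    return sorted(
        name for name in PROXY_VARS
        if env.get(name, "").lower().startswith("https://")
    )


def diagnose(env: dict, first_bytes: bytes) -> str:
    """Combine both checks into one finding."""
    flagged = tls_to_proxy_vars(env)
    kind = classify_first_bytes(first_bytes)
    if flagged and kind == "plaintext-http":
        return "proxy speaks plain HTTP but %s uses https://" % ", ".join(flagged)
    return "no scheme mismatch detected (peer reply: %s)" % kind


if __name__ == "__main__":
    # Constructed sample: environment as a desktop's network settings might export it,
    # and the cleartext reply of a plain-HTTP proxy.
    sample_env = {"https_proxy": "https://192.0.2.10:3128",
                  "http_proxy": "http://192.0.2.10:3128"}
    print(diagnose(sample_env, b"HTTP/1.1 400 Bad Request\r\n"))
```

Comparing the output of `env | grep -i proxy` between the two desktop sessions and feeding it to `tls_to_proxy_vars` shows whether the scheme differs.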