On 06/12, Johnson, Andrew N. wrote:
> I think that's an Argonne-specific issue, I can get to the documentation URL from my phone but only when I'm not connected through Argonne's network. Using curl -v my workstation shows this, which I don't claim to understand:
> tux% curl -v https://goetzpf.bitbucket.io/rsync-dist
> * About to connect() to proxy XXXX.anl.gov port XXXX (#0)
> * Trying XXXX...
> * Connected to XXXX.anl.gov (XXXX) port XXXX (#0)
> * Establish HTTP proxy tunnel to goetzpf.bitbucket.io:443
> > CONNECT goetzpf.bitbucket.io:443 HTTP/1.1
> > Host: goetzpf.bitbucket.io:443
> > User-Agent: curl/7.29.0
> > Proxy-Connection: Keep-Alive
> >
> < HTTP/1.0 200 Connection established
> <
> * Proxy replied OK to CONNECT request
> * Initializing NSS with certpath: sql:/etc/pki/nssdb
> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
> CApath: none
> * NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
> * SSL received a record that exceeded the maximum permissible length.
> * Closing connection 0
> curl: (35) SSL received a record that exceeded the maximum permissible length.
>
> I filed a ticket for the problem earlier, haven't heard back about it yet though.
Hmm, indeed; thanks for the info!
I actually get a different failure:
----
$ curl -Iv https://goetzpf.bitbucket.io/rsync-dist
* Trying 146.139.125.18...
* TCP_NODELAY set
* Connected to goetzpf.bitbucket.io (146.139.125.18) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
* stopped the pause stream!
* Closing connection 0
curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
----
Investigating a little more, I noticed that goetzpf.bitbucket.io does
not seem to be resolving correctly from the ANL network:
----
$ host goetzpf.bitbucket.io
goetzpf.bitbucket.io is an alias for honeypot.anl.gov.
honeypot.anl.gov has address 146.139.125.18
----
So, ANL is hijacking DNS again and messing things up. :-(
Of course, resolving goetzpf.bitbucket.io off-site works correctly.
Lewis
- References:
- updated download link for rsync-dist (from talk at EPICS Meeting 2019) Goetz Pfeiffer via Tech-talk
- Re: updated download link for rsync-dist (from talk at EPICS Meeting 2019) J. Lewis Muir via Tech-talk
- Re: updated download link for rsync-dist (from talk at EPICS Meeting 2019) Johnson, Andrew N. via Tech-talk
- Navigate by Date:
- Prev:
Re: updated download link for rsync-dist (from talk at EPICS Meeting 2019) Johnson, Andrew N. via Tech-talk
- Next:
Re: Asyn 4-35 IOC upgrade misbehavior Mark Rivers via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
<2019>
2020
2021
2022
2023
2024
- Navigate by Thread:
- Prev:
Re: updated download link for rsync-dist (from talk at EPICS Meeting 2019) Johnson, Andrew N. via Tech-talk
- Next:
[AsynDriver] getAddress and callbacks Joao Afonso via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
<2019>
2020
2021
2022
2023
2024
|