Experimental Physics and
Industrial Control System

On 06/12, Johnson, Andrew N. wrote:
> I think that's an Argonne-specific issue, I can get to the documentation URL from my phone but only when I'm not connected through Argonne's network. Using curl -v my workstation shows this, which I don't claim to understand:
> tux% curl -v https://goetzpf.bitbucket.io/rsync-dist
> * About to connect() to proxy XXXX.anl.gov port XXXX (#0)
> *   Trying XXXX...
> * Connected to XXXX.anl.gov (XXXX) port XXXX (#0)
> * Establish HTTP proxy tunnel to goetzpf.bitbucket.io:443
> > CONNECT goetzpf.bitbucket.io:443 HTTP/1.1
> > Host: goetzpf.bitbucket.io:443
> > User-Agent: curl/7.29.0
> > Proxy-Connection: Keep-Alive
> >
> < HTTP/1.0 200 Connection established
> <
> * Proxy replied OK to CONNECT request
> * Initializing NSS with certpath: sql:/etc/pki/nssdb
> *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
>   CApath: none
> * NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
> * SSL received a record that exceeded the maximum permissible length.
> * Closing connection 0
> curl: (35) SSL received a record that exceeded the maximum permissible length.
> 
> I filed a ticket for the problem earlier, haven't heard back about it yet though.

Hmm, indeed; thanks for the info!

I actually get a different failure:

----
$ curl -Iv https://goetzpf.bitbucket.io/rsync-dist
*   Trying 146.139.125.18...
* TCP_NODELAY set
* Connected to goetzpf.bitbucket.io (146.139.125.18) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
* stopped the pause stream!
* Closing connection 0
curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
----

Investigating a little more, I noticed that goetzpf.bitbucket.io does
not seem to be resolving correctly from the ANL network:

----
$ host goetzpf.bitbucket.io
goetzpf.bitbucket.io is an alias for honeypot.anl.gov.
honeypot.anl.gov has address 146.139.125.18
----

So, ANL is hijacking DNS again and messing things up. :-(

Of course, resolving goetzpf.bitbucket.io off-site works correctly.

Lewis

References:

updated download link for rsync-dist (from talk at EPICS Meeting 2019) Goetz Pfeiffer via Tech-talk

Re: updated download link for rsync-dist (from talk at EPICS Meeting 2019) J. Lewis Muir via Tech-talk

Re: updated download link for rsync-dist (from talk at EPICS Meeting 2019) Johnson, Andrew N. via Tech-talk

Navigate by Date:

Prev: Re: updated download link for rsync-dist (from talk at EPICS Meeting 2019) Johnson, Andrew N. via Tech-talk

Next: Re: Asyn 4-35 IOC upgrade misbehavior Mark Rivers via Tech-talk

Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  <2019>  2020  2021  2022  2023  2024 

Navigate by Thread:

Prev: Re: updated download link for rsync-dist (from talk at EPICS Meeting 2019) Johnson, Andrew N. via Tech-talk

Next: [AsynDriver] getAddress and callbacks Joao Afonso via Tech-talk

Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  <2019>  2020  2021  2022  2023  2024