Can no longer update using GIT
-
@wayne-workman said in Can no longer update using GIT:
curl https://github.com/
[root@DO-FOG-02 fogproject]# curl https://github.com/
curl: (35) SSL connect error -
@cjp82placer Next, on your fog server try this one:
curl https://www.google.com/
-
What’s your machine’s timestamp compared to an atomic clock?
Atomic clock can be found here: https://www.time.gov/
Of course your timezone will adjust slightly, but the main point is you cannot be more or less than 5 minutes of the atomic clocks (typically) as that will cause the SSL cert to be invalidated (hence the ssl error you’re seeing.) Of course there could be many other reasons to what’s causing this, but I would recommend checking the time first as its the simplest course of action.
-
@wayne-workman No error with this command.
-
@tom-elliott I am within seconds of the Atomic clock, but the time was off at one point in my troubleshooting.
-
@cjp82placer Ok since the time has changed - rerun those commands to see if the issue is resolved or not. Also, add a ping command which will test DNS resolution:
# Just check if the curl succeeds or not. curl https://github.com/ > /dev/null 2>&1;echo $? # Just check if the curl succeeds or not. curl https://www.google.com/ > /dev/null 2>&1;echo $? # test dns resolution of google. ping -c 4 google.com # test dns resolution of github ping -c 4 github.com # Directly ping one of github's IPs ping -c 4 192.30.253.113
-
@wayne-workman Here are the results; the pings were all successful but the curl command is still failing as is the git pull command.
[root@DO-FOG-02 fogproject]# curl https://github.com/ > /dev/null 2>&1;echo $?
35[root@DO-FOG-02 fogproject]# curl https://www.google.com/ > /dev/null 2>&1;echo $?
0[root@DO-FOG-02 fogproject]# ping -c 4 google.com
PING google.com (216.58.195.78) 56(84) bytes of data.
64 bytes from sfo07s16-in-f14.1e100.net (216.58.195.78): icmp_seq=1 ttl=52 time=11.7 ms
64 bytes from sfo07s16-in-f14.1e100.net (216.58.195.78): icmp_seq=2 ttl=52 time=11.7 ms
64 bytes from sfo07s16-in-f14.1e100.net (216.58.195.78): icmp_seq=3 ttl=52 time=11.6 ms
64 bytes from sfo07s16-in-f14.1e100.net (216.58.195.78): icmp_seq=4 ttl=52 time=11.7 ms— google.com ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3014ms
rtt min/avg/max/mdev = 11.695/11.730/11.748/0.079 ms[root@DO-FOG-02 fogproject]# ping -c 4 github.com
PING github.com (192.30.255.113) 56(84) bytes of data.
64 bytes from lb-192-30-255-113-sea.github.com (192.30.255.113): icmp_seq=1 ttl=47 time=29.7 ms
64 bytes from lb-192-30-255-113-sea.github.com (192.30.255.113): icmp_seq=2 ttl=47 time=29.7 ms
64 bytes from lb-192-30-255-113-sea.github.com (192.30.255.113): icmp_seq=3 ttl=47 time=29.8 ms
64 bytes from lb-192-30-255-113-sea.github.com (192.30.255.113): icmp_seq=4 ttl=47 time=29.8 ms— github.com ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3035ms
rtt min/avg/max/mdev = 29.789/29.810/29.846/0.212 ms[root@DO-FOG-02 fogproject]# ping -c 4 192.30.253.113
PING 192.30.253.113 (192.30.253.113) 56(84) bytes of data.
64 bytes from 192.30.253.113: icmp_seq=1 ttl=46 time=88.1 ms
64 bytes from 192.30.253.113: icmp_seq=2 ttl=46 time=88.1 ms
64 bytes from 192.30.253.113: icmp_seq=3 ttl=46 time=88.2 ms
64 bytes from 192.30.253.113: icmp_seq=4 ttl=46 time=88.1 ms— 192.30.253.113 ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3091ms
rtt min/avg/max/mdev = 88.117/88.167/88.221/0.365 ms
[root@DO-FOG-02 fogproject]# curl https://github.com/
curl: (35) SSL connect error -
@cjp82placer Do you have a web filter of any kind? You should check it to see if it’s blocking github.
-
@cjp82placer Possibly some kind of reverse SSL proxy within your network that is intercepting and maybe filtering all HTTPS connections?
-
What OS and version are you running?
What does
curl https://github.com --cipher rsa_aes_128_sha
get you.Curl error 35 is:
"Cannot communicate securely with peer: no common encryption algorithm(s)." The local and remote systems share no cipher suites in common. This can be due to a misconfiguration at either end. It can be due to a server being misconfigured to use a non-RSA certificate with the RSA key exchange algorithm.
Also try
curl https://github.com -v
it should give us more info -
@quazz said in Can no longer update using GIT:
curl https://github.com -v
[root@DO-FOG-02 fogproject]# curl https://github.com -v
- About to connect() to github.com port 443 (#0)
- Trying 192.30.255.112… connected
- Connected to github.com (192.30.255.112) port 443 (#0)
- Initializing NSS with certpath: sql:/etc/pki/nssdb
- CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none - NSS error -12190
- Closing connection #0
- SSL connect error
curl: (35) SSL connect error
I am using CENTOS 6.7
-
@quazz Update… Updating cURL was the answer.
libcurl-7.19.7-52.el6.x86_64 already installed and latest version
Nothing to doUpgraded to : [root@DO-FOG-02 yum.repos.d]# curl --version
curl 7.61.0 (x86_64-redhat-linux-gnu) libcurl/7.61.0 OpenSSL/1.0.1e zlib/1.2.3 c-ares/1.14.0 libssh2/1.8.0 nghttp2/1.6.0
Release-Date: 2018-07-11