edbrowse-dev - development list for edbrowse
 help / color / mirror / Atom feed
* [edbrowse-dev] building on ubuntu
@ 2019-09-02  6:32 Kevin Carhart
  2019-09-02  7:27 ` Karl Dahlke
  0 siblings, 1 reply; 6+ messages in thread
From: Kevin Carhart @ 2019-09-02  6:32 UTC (permalink / raw)
  To: Edbrowse-dev


Hi Geoff

I have hit these SSL/curl errors a few times when building on ubuntu and I 
saved some notes of how I got it to work.  I am not sure I recognize 
ComSign_CA.pem so maybe you are hitting something a little different - 
not sure, but here is what I recorded in May:

20190519112839 - Ugh, openssl error with some combination of curl, wget 
and edbrowse.  I did actually find out that it works if you send certain 
arguments to configure:
cd ~
sudo apt-get build-dep curl
wget http://curl.haxx.se/download/curl-7.46.0.tar.bz2
tar -xvjf curl-7.46.0.tar.bz2
cd curl-7.46.0
./configure --with-nghttp2 --with-ssl --with-libssl-prefix=/usr/local/ssl
make
sudo make install
sudo ldconfig
20190519112951 - Basically, you have to build both from source.  For curl, 
you have to use the above.  The whole thing is written up at 
https://askubuntu.com/questions/475670/how-to-build-curl-with-the-latest-openssl/475677


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [edbrowse-dev] building on ubuntu
  2019-09-02  6:32 [edbrowse-dev] building on ubuntu Kevin Carhart
@ 2019-09-02  7:27 ` Karl Dahlke
  2019-09-02 16:13   ` Kevin Carhart
  0 siblings, 1 reply; 6+ messages in thread
From: Karl Dahlke @ 2019-09-02  7:27 UTC (permalink / raw)
  To: Edbrowse-dev

This isn't the problem Geoff was running into; his is much easier to deal with.
I know the one you're talking about though; see the README file line 73.
You don't need edbrowse to diagnose it; a ssimple test is
	        curl https://weloveanimals.me
You get the website or the communication error.
curl doesn't fail on too many websites, but if it's the one you really want to go to, well ...
And obviously edbrowse can't do a thing about it.
I'll add your notes to the README on rebuilding curl from source, if people want to do that, and even I might,
cause I also have one of those unfortunate distributions where curl is bound to gnutls instead of openssl.

Karl Dahlke

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [edbrowse-dev] building on ubuntu
  2019-09-02  7:27 ` Karl Dahlke
@ 2019-09-02 16:13   ` Kevin Carhart
  2019-09-02 19:24     ` Geoff McLane
  0 siblings, 1 reply; 6+ messages in thread
From: Kevin Carhart @ 2019-09-02 16:13 UTC (permalink / raw)
  To: Karl Dahlke; +Cc: Edbrowse-dev


I'm glad we have a little knowledge base going so it can become easier in 
the future. I remember you were writing about this a while ago.


On Mon, 2 Sep 2019, Karl Dahlke wrote:

> This isn't the problem Geoff was running into; his is much easier to deal with.
> I know the one you're talking about though; see the README file line 73.
> You don't need edbrowse to diagnose it; a ssimple test is
> 	        curl https://weloveanimals.me
> You get the website or the communication error.
> curl doesn't fail on too many websites, but if it's the one you really want to go to, well ...
> And obviously edbrowse can't do a thing about it.
> I'll add your notes to the README on rebuilding curl from source, if people want to do that, and even I might,
> cause I also have one of those unfortunate distributions where curl is bound to gnutls instead of openssl.
>
> Karl Dahlke
>

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [edbrowse-dev] building on ubuntu
  2019-09-02 16:13   ` Kevin Carhart
@ 2019-09-02 19:24     ` Geoff McLane
  2019-09-03  0:17       ` Karl Dahlke
  0 siblings, 1 reply; 6+ messages in thread
From: Geoff McLane @ 2019-09-02 19:24 UTC (permalink / raw)
  Cc: Edbrowse-dev

Hi Karl,

I do not exactly understand your 'gnutls' vs 'openssl'...

My Ubuntu 18.04.3 LTS sports -
~/Documents/edbrowse$ curl --version
curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.1 
zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 
librtmp/2.3
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps 
pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM 
NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

which specifically mentions 'OpenSSL/1.1.1'...

And using $ ldd /usr/bin/curl ... for SSL it shows -
     libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 
(0x00007f8f5db4b000)

And more ~/Documents/edbrowse$ openssl version
OpenSSL 1.1.1  11 Sep 2018

So unsure where 'gnutls' comes into this...

As reported -
  $ curl https://weloveanimals.me
seems to work fine for me...

But, yes Kevin, having `a little knowledge base going` is always a good 
thing...
be it emails, lists, issues, README, google, whatever... It is always 
how to organize,
such that 'it' can be found, remembered, when next encountered... that 
is identifying
the 'it'...

Regards, Geoff.



^ permalink raw reply	[flat|nested] 6+ messages in thread

* [edbrowse-dev] building on ubuntu
  2019-09-02 19:24     ` Geoff McLane
@ 2019-09-03  0:17       ` Karl Dahlke
  2019-09-03  5:52         ` Dominique Martinet
  0 siblings, 1 reply; 6+ messages in thread
From: Karl Dahlke @ 2019-09-03  0:17 UTC (permalink / raw)
  To: Edbrowse-dev

> I do not exactly understand your 'gnutls' vs 'openssl'...

Guess what, neither do I.
We convinced ourselves a year ago that was the problem, but ldd clearly shows my curl linking to openssl, and
curl https://weloveanimals.me
fails on my machine; I switch to another machine, still curl + openssl, and it works.
So we still don't understand it at all.
I wish we did.

Karl Dahlke

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [edbrowse-dev] building on ubuntu
  2019-09-03  0:17       ` Karl Dahlke
@ 2019-09-03  5:52         ` Dominique Martinet
  0 siblings, 0 replies; 6+ messages in thread
From: Dominique Martinet @ 2019-09-03  5:52 UTC (permalink / raw)
  To: Edbrowse-dev

Karl Dahlke wrote on Mon, Sep 02, 2019:
> > I do not exactly understand your 'gnutls' vs 'openssl'...
> 
> Guess what, neither do I.
> We convinced ourselves a year ago that was the problem, but ldd clearly shows my curl linking to openssl, and
> curl https://weloveanimals.me
> fails on my machine; I switch to another machine, still curl + openssl, and it works.
> So we still don't understand it at all.
> I wish we did.

Hmm, I thought it could be that debian raised the minimum tls version in
/etc/ssl/openssl.cnf a year ago or two (MinProtocol = TLSv1.2 in
[system_default_sect] section of the file), but that website appears to
support older protocols as well if I try to force these with the openssl
s_client command...

I can connect to it just fine using gnutls-cli as well so it might be
something specific to a precise version of debian (tested on a
recent-ish buster).
Possibly the certificate authority (CA) that this website uses is not
bundled by debian? But then I don't see what rebuilding curl would help
you with in that case, Kevin might have had a different issue that
needed him to rebuild curl.

-- 
Dominique

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2019-09-03  6:01 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-02  6:32 [edbrowse-dev] building on ubuntu Kevin Carhart
2019-09-02  7:27 ` Karl Dahlke
2019-09-02 16:13   ` Kevin Carhart
2019-09-02 19:24     ` Geoff McLane
2019-09-03  0:17       ` Karl Dahlke
2019-09-03  5:52         ` Dominique Martinet

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).