SSL error on one system, no error on another

berndbausch · 07-22-2019, 09:23 PM

My goal is to install Devstack from its Git repo. Ubuntu 18.04 is recommended as the best platform for Devstack, but cloning the repo fails on my two 18.04 servers. It succeeds on other servers, Fedora 28 and Ubuntu 16.04. The problem seems to be related to SSL, which I am not that familiar with. What steps do you suggest?

Details:

On Ubuntu 18.04, running in a KVM VM on a bridged network:

Code:

$ curl  https://opendev.org/openstack/devstack.git
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to opendev.org:443

On Ubuntu 16.04, running in a KVM VM on the same VM host and the same bridged network:

Code:

$ curl  https://opendev.org/openstack/devstack.git 
<!DOCTYPE html>
<html lang="en-US">
<head data-suburl="">
... etc ...

ping proves that both servers have connectivity to opendev.org. Strangely, the 18.04 server seems to have no problems with other https web sites; only with opendev.org.

Both servers have just been installed from an ISO plus apt upgrade. Here is my 18.04 netplan configuration:

Code:

$ cat /etc/netplan/10-network.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    ens3:
      addresses:
        - 192.168.1.200/24
      gateway4: 192.168.1.1
      nameservers:
          search: [home]
          addresses: [192.168.1.16, 1.1.1.1]

By the way, I have another 18.04 VM, this one running on VirtualBox on a Windows PC; it is also unable to clone the git repo. Same symptoms.

scasey · 07-23-2019, 03:47 PM

Check/compare the curl configurations, perhaps? Just a guess.

berndbausch · 07-23-2019, 10:54 PM

Thanks Sean. It's not just curl; also the git clone command is unable to get data from that site.

Or rather, was unable. This morning it works. Must have been a glitch on that site that only affected Ubuntu 18.04. Rather than attempting to understand an old problem that solved itself, I will just clone my Git repo and move on.

Meanwhile, I learned that curl has a -v option, which can be useful, and that openssl s_client -connect opendev.org:443 is another option to troubleshoot access to HTTPS sites.