Opened 4 days ago

Last modified 43 hours ago

#66750 assigned defect

aom failed to download because of tlsv1 alter internal error

Reported by: pinxue (品雪) Owned by: MarcusCalhoun-Lopez (Marcus Calhoun-Lopez)
Priority: Normal Milestone:
Component: ports Version: 2.8.0
Keywords: ventura Cc:
Port: aom

Description

System: Ventura 13.1 (22C65) Darwin version 22.2.0; root:xnu-8792.61.2~4/RELEASE_ARM64_T6000 arm64 MacPorts 2.8.0

I still have this issue, with tlsv1 alter internal error:

:notice:fetch --->  Fetching distfiles for aom
:debug:fetch Executing org.macports.fetch (aom)
:debug:fetch Executing: /usr/bin/git clone --progress https://aomedia.googlesource.com/aom.git /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0 2>&1
:debug:fetch system: /usr/bin/git clone --progress https://aomedia.googlesource.com/aom.git /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0 2>&1
:info:fetch Cloning into '/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0'...
:info:fetch fatal: unable to access 'https://aomedia.googlesource.com/aom.git/': error:1404B438:SSL routines:ST_CONNECT:tlsv1 alert internal error
:info:fetch Command failed: /usr/bin/git clone --progress https://aomedia.googlesource.com/aom.git /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0 2>&1
:info:fetch Exit code: 128
:error:fetch Failed to fetch aom: Git clone failed
:debug:fetch Error code: NONE
:debug:fetch Backtrace: Git clone failed
:debug:fetch     while executing
:debug:fetch "gitfetch"
:debug:fetch     (procedure "portfetch::fetch_main" line 14)
:debug:fetch     invoked from within
:debug:fetch "$procedure $targetname"

It seems a certificate config issue.

curl info:

curl -v https://aomedia.googlesource.com/aom.git/
*   Trying 64.190.63.111:443...
* Connected to aomedia.googlesource.com (64.190.63.111) port 443 (#0)
* found 139 certificates in /opt/local/share/curl/curl-ca-bundle.crt
* GnuTLS ciphers: NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0
* ALPN: offers h2
* ALPN: offers http/1.1
* gnutls_handshake() failed: Internal error
* Closing connection 0
curl: (35) gnutls_handshake() failed: Internal error

Tried to access the git repo on a Linux box works:

curl -v https://aomedia.googlesource.com/aom.git/
*   Trying 2607:f8b0:4023:c0b::52:443...
* Connected to aomedia.googlesource.com (2607:f8b0:4023:c0b::52) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.googlecode.com
*  start date: Jan  2 08:18:33 2023 GMT
*  expire date: Mar 27 08:18:32 2023 GMT
*  subjectAltName: host "aomedia.googlesource.com" matched cert's "*.googlesource.com"
*  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x560779009ad0)
> GET /aom.git/ HTTP/2
> Host: aomedia.googlesource.com
> user-agent: curl/7.74.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200

Change History (5)

comment:1 Changed 4 days ago by jmroot (Joshua Root)

Owner: set to MarcusCalhoun-Lopez
Status: newassigned

comment:2 Changed 3 days ago by kencu (Ken)

worked OK for me:

DEBUG: dropping privileges: euid changed to 502, egid changed to 501.
DEBUG: Starting logging for aom @3.5.0_0
DEBUG: macOS 13.1 (darwin/22.2.0) arch arm
DEBUG: MacPorts 2.8.0
DEBUG: Xcode 14.2, CLT 14.2.0.0.1.1668646533
DEBUG: SDK 13
DEBUG: MACOSX_DEPLOYMENT_TARGET: 13.0
DEBUG: Found Dependency: path: /usr/bin filename: git regex: ^git$
--->  Computing dependencies for aom
DEBUG: Found Dependency: path: /usr/bin filename: git regex: ^git$
DEBUG: Searching for dependency: git
DEBUG: Didn't find receipt, going to depspec regex for: git
DEBUG: Found Dependency: path: /usr/bin filename: git regex: ^git$
DEBUG: Executing org.macports.main (aom)
DEBUG: dropping privileges: euid changed to 502, egid changed to 501.
DEBUG: fetch phase started at Mon Jan 23 21:02:27 PST 2023
--->  Fetching distfiles for aom
DEBUG: Executing org.macports.fetch (aom)
DEBUG: Executing: /usr/bin/git clone --progress https://aomedia.googlesource.com/aom.git /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0 2>&1
DEBUG: system: /usr/bin/git clone --progress https://aomedia.googlesource.com/aom.git /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0 2>&1
Cloning into '/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0'...
remote: Total 256983 (delta 203303), reused 256983 (delta 203303)         
Receiving objects: 100% (256983/256983), 357.41 MiB | 8.67 MiB/s, done.
Resolving deltas: 100% (203303/203303), done.
DEBUG: Executing GIT_DIR=/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0/.git GIT_WORK_TREE=/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0 /usr/bin/git checkout -q v3.5.0 2>&1
DEBUG: system: GIT_DIR=/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0/.git GIT_WORK_TREE=/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0 /usr/bin/git checkout -q v3.5.0 2>&1

and the files are there:

% ls -la
total 8
drwxr-xr-x   6 macports  wheel   192 23 Jan 21:02 .
drwxr-xr-x   3 macports  wheel    96 23 Jan 21:02 ..
drwxr-xr-x   2 macports  wheel    64 23 Jan 21:02 .home
-rw-r--r--   1 macports  wheel   113 23 Jan 21:03 .macports.aom.state
drwxr-xr-x   2 macports  wheel    64 23 Jan 21:02 .tmp
drwxr-xr-x  40 macports  wheel  1280 23 Jan 21:03 aom-3.5.0

% cd aom*
% ls

AUTHORS			PATENTS			aom_dsp			aom_util		build			docs.cmake		mainpage.dox		tools
CHANGELOG		README.md		aom_mem			aomedia_logo_200.png	codereview.settings	examples		stats			usage.dox
CMakeLists.txt		Sample.cfg		aom_ports		apps			common			keywords.dox		test			usage_cx.dox
LICENSE			aom			aom_scale		av1			doc			libs.doxy_template	third_party		usage_dx.dox

comment:3 Changed 3 days ago by MarcusCalhoun-Lopez (Marcus Calhoun-Lopez)

I am afraid I cannot reproduce this problem either.
Is there anything about your system that might be causing these errors?
Perhaps the server was just temporarily down?

comment:4 Changed 46 hours ago by pinxue (品雪)

It is not the problem of the server, error is consistent and my Linux vps may clone the repo at same time.

Maybe the system environment issue, any clue for further investigation?

comment:5 Changed 43 hours ago by kencu (Ken)

instead of

curl -v https://aomedia.googlesource.com/aom.git/

force the system curl

/usr/bin/curl -v https://aomedia.googlesource.com/aom.git/

and see if that works.

Note: See TracTickets for help on using tickets.