aom failed to download because of tlsv1 alter internal error

[pinxue (品雪)]

System: Ventura 13.1 (22C65) Darwin version 22.2.0; root:xnu-8792.61.2~4/RELEASE_ARM64_T6000 arm64 MacPorts 2.8.0

I still have this issue, with tlsv1 alter internal error:

:notice:fetch --->  Fetching distfiles for aom
:debug:fetch Executing org.macports.fetch (aom)
:debug:fetch Executing: /usr/bin/git clone --progress https://aomedia.googlesource.com/aom.git /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0 2>&1
:debug:fetch system: /usr/bin/git clone --progress https://aomedia.googlesource.com/aom.git /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0 2>&1
:info:fetch Cloning into '/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0'...
:info:fetch fatal: unable to access 'https://aomedia.googlesource.com/aom.git/': error:1404B438:SSL routines:ST_CONNECT:tlsv1 alert internal error
:info:fetch Command failed: /usr/bin/git clone --progress https://aomedia.googlesource.com/aom.git /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0 2>&1
:info:fetch Exit code: 128
:error:fetch Failed to fetch aom: Git clone failed
:debug:fetch Error code: NONE
:debug:fetch Backtrace: Git clone failed
:debug:fetch     while executing
:debug:fetch "gitfetch"
:debug:fetch     (procedure "portfetch::fetch_main" line 14)
:debug:fetch     invoked from within
:debug:fetch "$procedure $targetname"

It seems a certificate config issue.

curl info:

curl -v https://aomedia.googlesource.com/aom.git/
*   Trying 64.190.63.111:443...
* Connected to aomedia.googlesource.com (64.190.63.111) port 443 (#0)
* found 139 certificates in /opt/local/share/curl/curl-ca-bundle.crt
* GnuTLS ciphers: NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0
* ALPN: offers h2
* ALPN: offers http/1.1
* gnutls_handshake() failed: Internal error
* Closing connection 0
curl: (35) gnutls_handshake() failed: Internal error

Tried to access the git repo on a Linux box works:

curl -v https://aomedia.googlesource.com/aom.git/
*   Trying 2607:f8b0:4023:c0b::52:443...
* Connected to aomedia.googlesource.com (2607:f8b0:4023:c0b::52) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.googlecode.com
*  start date: Jan  2 08:18:33 2023 GMT
*  expire date: Mar 27 08:18:32 2023 GMT
*  subjectAltName: host "aomedia.googlesource.com" matched cert's "*.googlesource.com"
*  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x560779009ad0)
> GET /aom.git/ HTTP/2
> Host: aomedia.googlesource.com
> user-agent: curl/7.74.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200

[kencu (Ken)]

worked OK for me:

DEBUG: dropping privileges: euid changed to 502, egid changed to 501.
DEBUG: Starting logging for aom @3.5.0_0
DEBUG: macOS 13.1 (darwin/22.2.0) arch arm
DEBUG: MacPorts 2.8.0
DEBUG: Xcode 14.2, CLT 14.2.0.0.1.1668646533
DEBUG: SDK 13
DEBUG: MACOSX_DEPLOYMENT_TARGET: 13.0
DEBUG: Found Dependency: path: /usr/bin filename: git regex: ^git$
--->  Computing dependencies for aom
DEBUG: Found Dependency: path: /usr/bin filename: git regex: ^git$
DEBUG: Searching for dependency: git
DEBUG: Didn't find receipt, going to depspec regex for: git
DEBUG: Found Dependency: path: /usr/bin filename: git regex: ^git$
DEBUG: Executing org.macports.main (aom)
DEBUG: dropping privileges: euid changed to 502, egid changed to 501.
DEBUG: fetch phase started at Mon Jan 23 21:02:27 PST 2023
--->  Fetching distfiles for aom
DEBUG: Executing org.macports.fetch (aom)
DEBUG: Executing: /usr/bin/git clone --progress https://aomedia.googlesource.com/aom.git /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0 2>&1
DEBUG: system: /usr/bin/git clone --progress https://aomedia.googlesource.com/aom.git /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0 2>&1
Cloning into '/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0'...
remote: Total 256983 (delta 203303), reused 256983 (delta 203303)         
Receiving objects: 100% (256983/256983), 357.41 MiB | 8.67 MiB/s, done.
Resolving deltas: 100% (203303/203303), done.
DEBUG: Executing GIT_DIR=/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0/.git GIT_WORK_TREE=/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0 /usr/bin/git checkout -q v3.5.0 2>&1
DEBUG: system: GIT_DIR=/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0/.git GIT_WORK_TREE=/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_multimedia_aom/aom/work/aom-3.5.0 /usr/bin/git checkout -q v3.5.0 2>&1

and the files are there:

% ls -la
total 8
drwxr-xr-x   6 macports  wheel   192 23 Jan 21:02 .
drwxr-xr-x   3 macports  wheel    96 23 Jan 21:02 ..
drwxr-xr-x   2 macports  wheel    64 23 Jan 21:02 .home
-rw-r--r--   1 macports  wheel   113 23 Jan 21:03 .macports.aom.state
drwxr-xr-x   2 macports  wheel    64 23 Jan 21:02 .tmp
drwxr-xr-x  40 macports  wheel  1280 23 Jan 21:03 aom-3.5.0

% cd aom*
% ls

AUTHORS			PATENTS			aom_dsp			aom_util		build			docs.cmake		mainpage.dox		tools
CHANGELOG		README.md		aom_mem			aomedia_logo_200.png	codereview.settings	examples		stats			usage.dox
CMakeLists.txt		Sample.cfg		aom_ports		apps			common			keywords.dox		test			usage_cx.dox
LICENSE			aom			aom_scale		av1			doc			libs.doxy_template	third_party		usage_dx.dox

[MarcusCalhoun-Lopez (Marcus Calhoun-Lopez)]

I am afraid I cannot reproduce this problem either.
Is there anything about your system that might be causing these errors?
Perhaps the server was just temporarily down?

[pinxue (品雪)]

It is not the problem of the server, error is consistent and my Linux vps may clone the repo at same time.

Maybe the system environment issue, any clue for further investigation?

[kencu (Ken)]

instead of

curl -v https://aomedia.googlesource.com/aom.git/

force the system curl

/usr/bin/curl -v https://aomedia.googlesource.com/aom.git/

and see if that works.

[kencu (Ken)]

going to close this as worksforme.

We can sort out what happened on your network, perhaps, with more information, but it's not a general MacPorts issue.

[pinxue (品雪)]

MacPorts 2.8.1, aom @3.6.0, it works well now. Nothing else changed in my computer though. curl still reports error, so that I guess the mirror just synced files missed before.