Ubuntu 18.04 curl returns SSL_ERROR_SYSCALL
0
This all works just fine in 16.04. I am running the same setup in 18.04, cntlm running as my proxy, ca-certificates updated with the corporate root cert. Chrome, Firefox, wget, etc work with https without issue. Curl on the other hand always fails when going to https. I also tried going directly to the proxy setting the environment variables (eg: https_proxy=https://my_username:my_password@my.corp.proxy:8080) and I get the same ssl error.
18.04 curl run:
curl -v https://ubuntu.com
* Rebuilt URL to: https://ubuntu.com/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:3128
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:3128
16.04 curl run:
curl -v https://ubuntu.com
* Rebuilt URL to: https://ubuntu.com/
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0)
* Establish HTTP proxy tunnel to ubuntu.com:443
> CONNECT ubuntu.com:443 HTTP/1.1
> Host: ubuntu.com:443
> User-Agent: curl/7.47.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
< Connection: close
<
* Proxy replied OK to CONNECT request
* found 152 certificates in /etc/ssl/certs/ca-certificates.crt
* found 620 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: ubuntu.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: businessCategory=Private Organization,jurisdictionOfIncorporationCountryName=GB,serialNumber=06870835,C=GB,L=London,O=Canonical Group Ltd,OU=James Troup,CN=ubuntu.com
* start date: Mon, 06 Aug 2018 00:00:00 GMT
* expire date: Wed, 21 Aug 2019 12:00:00 GMT
* issuer: REDACTED
* compression: NULL
* ALPN, server did not agree to a protocol
> GET / HTTP/1.1
> Host: ubuntu.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Thu, 14 Feb 2019 02:09:17 GMT
< Server: Apache/2.2.22 (Ubuntu)
< Location: https://www.ubuntu.com/
< Vary: Accept-Encoding
< Content-Length: 308
< Content-Type: text/html; charset=iso-8859-1
< Proxy-Connection: Keep-Alive
< Connection: Keep-Alive
< Age: 0
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.ubuntu.com/">here</a>.</p>
<hr>
<address>Apache/2.2.22 (Ubuntu) Server at ubuntu.com Port 443</address>
</body></html>
* Connection #0 to host 127.0.0.1 left intact
18.04 curl
asked 15 mins ago
Joe GJoe G
1
New contributor
Joe G is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
0
This all works just fine in 16.04. I am running the same setup in 18.04, cntlm running as my proxy, ca-certificates updated with the corporate root cert. Chrome, Firefox, wget, etc work with https without issue. Curl on the other hand always fails when going to https. I also tried going directly to the proxy setting the environment variables (eg: https_proxy=https://my_username:my_password@my.corp.proxy:8080) and I get the same ssl error.
18.04 curl run:
curl -v https://ubuntu.com
* Rebuilt URL to: https://ubuntu.com/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:3128
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:3128
16.04 curl run:
curl -v https://ubuntu.com
* Rebuilt URL to: https://ubuntu.com/
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0)
* Establish HTTP proxy tunnel to ubuntu.com:443
> CONNECT ubuntu.com:443 HTTP/1.1
> Host: ubuntu.com:443
> User-Agent: curl/7.47.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
< Connection: close
<
* Proxy replied OK to CONNECT request
* found 152 certificates in /etc/ssl/certs/ca-certificates.crt
* found 620 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: ubuntu.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: businessCategory=Private Organization,jurisdictionOfIncorporationCountryName=GB,serialNumber=06870835,C=GB,L=London,O=Canonical Group Ltd,OU=James Troup,CN=ubuntu.com
* start date: Mon, 06 Aug 2018 00:00:00 GMT
* expire date: Wed, 21 Aug 2019 12:00:00 GMT
* issuer: REDACTED
* compression: NULL
* ALPN, server did not agree to a protocol
> GET / HTTP/1.1
> Host: ubuntu.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Thu, 14 Feb 2019 02:09:17 GMT
< Server: Apache/2.2.22 (Ubuntu)
< Location: https://www.ubuntu.com/
< Vary: Accept-Encoding
< Content-Length: 308
< Content-Type: text/html; charset=iso-8859-1
< Proxy-Connection: Keep-Alive
< Connection: Keep-Alive
< Age: 0
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.ubuntu.com/">here</a>.</p>
<hr>
<address>Apache/2.2.22 (Ubuntu) Server at ubuntu.com Port 443</address>
</body></html>
* Connection #0 to host 127.0.0.1 left intact
18.04 curl
asked 15 mins ago
Joe GJoe G
1
New contributor
Joe G is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
0
0
0
This all works just fine in 16.04. I am running the same setup in 18.04, cntlm running as my proxy, ca-certificates updated with the corporate root cert. Chrome, Firefox, wget, etc work with https without issue. Curl on the other hand always fails when going to https. I also tried going directly to the proxy setting the environment variables (eg: https_proxy=https://my_username:my_password@my.corp.proxy:8080) and I get the same ssl error.
18.04 curl run:
curl -v https://ubuntu.com
* Rebuilt URL to: https://ubuntu.com/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:3128
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:3128
16.04 curl run:
curl -v https://ubuntu.com
* Rebuilt URL to: https://ubuntu.com/
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0)
* Establish HTTP proxy tunnel to ubuntu.com:443
> CONNECT ubuntu.com:443 HTTP/1.1
> Host: ubuntu.com:443
> User-Agent: curl/7.47.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
< Connection: close
<
* Proxy replied OK to CONNECT request
* found 152 certificates in /etc/ssl/certs/ca-certificates.crt
* found 620 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: ubuntu.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: businessCategory=Private Organization,jurisdictionOfIncorporationCountryName=GB,serialNumber=06870835,C=GB,L=London,O=Canonical Group Ltd,OU=James Troup,CN=ubuntu.com
* start date: Mon, 06 Aug 2018 00:00:00 GMT
* expire date: Wed, 21 Aug 2019 12:00:00 GMT
* issuer: REDACTED
* compression: NULL
* ALPN, server did not agree to a protocol
> GET / HTTP/1.1
> Host: ubuntu.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Thu, 14 Feb 2019 02:09:17 GMT
< Server: Apache/2.2.22 (Ubuntu)
< Location: https://www.ubuntu.com/
< Vary: Accept-Encoding
< Content-Length: 308
< Content-Type: text/html; charset=iso-8859-1
< Proxy-Connection: Keep-Alive
< Connection: Keep-Alive
< Age: 0
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.ubuntu.com/">here</a>.</p>
<hr>
<address>Apache/2.2.22 (Ubuntu) Server at ubuntu.com Port 443</address>
</body></html>
* Connection #0 to host 127.0.0.1 left intact
18.04 curl
asked 15 mins ago
Joe GJoe G
1
New contributor
Joe G is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
This all works just fine in 16.04. I am running the same setup in 18.04, cntlm running as my proxy, ca-certificates updated with the corporate root cert. Chrome, Firefox, wget, etc work with https without issue. Curl on the other hand always fails when going to https. I also tried going directly to the proxy setting the environment variables (eg: https_proxy=https://my_username:my_password@my.corp.proxy:8080) and I get the same ssl error.
18.04 curl run:
curl -v https://ubuntu.com
* Rebuilt URL to: https://ubuntu.com/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:3128
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:3128
16.04 curl run:
curl -v https://ubuntu.com
* Rebuilt URL to: https://ubuntu.com/
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0)
* Establish HTTP proxy tunnel to ubuntu.com:443
> CONNECT ubuntu.com:443 HTTP/1.1
> Host: ubuntu.com:443
> User-Agent: curl/7.47.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
< Connection: close
<
* Proxy replied OK to CONNECT request
* found 152 certificates in /etc/ssl/certs/ca-certificates.crt
* found 620 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: ubuntu.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: businessCategory=Private Organization,jurisdictionOfIncorporationCountryName=GB,serialNumber=06870835,C=GB,L=London,O=Canonical Group Ltd,OU=James Troup,CN=ubuntu.com
* start date: Mon, 06 Aug 2018 00:00:00 GMT
* expire date: Wed, 21 Aug 2019 12:00:00 GMT
* issuer: REDACTED
* compression: NULL
* ALPN, server did not agree to a protocol
> GET / HTTP/1.1
> Host: ubuntu.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Thu, 14 Feb 2019 02:09:17 GMT
< Server: Apache/2.2.22 (Ubuntu)
< Location: https://www.ubuntu.com/
< Vary: Accept-Encoding
< Content-Length: 308
< Content-Type: text/html; charset=iso-8859-1
< Proxy-Connection: Keep-Alive
< Connection: Keep-Alive
< Age: 0
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.ubuntu.com/">here</a>.</p>
<hr>
<address>Apache/2.2.22 (Ubuntu) Server at ubuntu.com Port 443</address>
</body></html>
* Connection #0 to host 127.0.0.1 left intact
18.04 curl
18.04 curl
asked 15 mins ago
Joe GJoe G
1
New contributor
Joe G is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 15 mins ago
Joe GJoe G
1
New contributor
Joe G is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 15 mins ago
Joe GJoe G
1
New contributor
Joe G is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 15 mins ago
Joe GJoe G
1
asked 15 mins ago
Joe GJoe G
1
1
New contributor
Joe G is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Joe G is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Joe G is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Joe G is a new contributor. Be nice, and check out our Code of Conduct.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1118090%2fubuntu-18-04-curl-returns-ssl-error-syscall%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Joe G is a new contributor. Be nice, and check out our Code of Conduct.
draft saved
draft discarded
Joe G is a new contributor. Be nice, and check out our Code of Conduct.
Joe G is a new contributor. Be nice, and check out our Code of Conduct.
Joe G is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1118090%2fubuntu-18-04-curl-returns-ssl-error-syscall%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown