I tried it on my spouse’s intel MacBook— confirmed it works on MacOS version 10.13.6 (LibreSSL 2.2.7). And yes, I extracted the file this time!
Mark Brethen mark.bret...@gmail.com > On Jul 19, 2022, at 11:34 AM, Mark Brethen <mark.bret...@gmail.com> wrote: > > What version of curl/libressl? > > Mark Brethen > mark.bret...@gmail.com > > > >> On Jul 19, 2022, at 11:31 AM, Nils Breunese <n...@breun.nl> wrote: >> >> Mark Brethen <mark.bret...@gmail.com> wrote: >> >>> it has the file name and extensions but you’re right, it’s not a compressed >>> file. >> >> The -O flag will write whatever body gets returned by the server into a file >> with the same name as the 'file name’ part of the URL, regardless of whether >> the HTTP status code of the response indicates success, a redirect, a client >> error or a server error. >> >> You’ll see that the 273 bytes that get returned by requesting >> http://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz are just >> HTML saying the the document should be requested via HTTPS: >> >> ❯ curl -O http://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz >> % Total % Received % Xferd Average Speed Time Time Time Current >> Dload Upload Total Spent Left Speed >> 100 273 100 273 0 0 1122 0 --:--:-- --:--:-- --:--:— 1181 >> >> >> ❯ cat tetgen1.5.1.tar.gz >> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> >> <html><head> >> <title>301 Moved Permanently</title> >> </head><body> >> <h1>Moved Permanently</h1> >> <p>The document has moved <a >> href="https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz";>here</a>.</p> >> </body></html> >> >> When you tell curl to follow redirects, you’ll see a second request being >> made and 275k getting downloaded: >> >> ❯ curl -OL http://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz >> % Total % Received % Xferd Average Speed Time Time Time Current >> Dload Upload Total Spent Left Speed >> 100 273 100 273 0 0 194 0 0:00:01 0:00:01 --:--:-- >> 195 >> 100 275k 100 275k 0 0 75618 0 0:00:03 0:00:03 --:--:— 249k >> >> ❯ file tetgen1.5.1.tar.gz >> tetgen1.5.1.tar.gz: gzip compressed data, was "tetgen1.5.1.tar", last >> modified: Tue Aug 21 14:40:36 2018, max compression, from Unix, original >> size modulo 2^32 1528832 >> >> This works fine for me on macOS 12.4 Intel. >> >> Nils. >> >>> I tried two different intel-based Macs with clean installs of Catalina and >>> Big Sur (both use LibreSSL 2.8.3 btw) and was able to repeat that error. >>> However, it works correctly on an M1 installed with Big Sur. Since this is >>> the only host that I have run into problems with fetch, I’m not sure it’s >>> worth the time spent. >>> >>>> On Jul 19, 2022, at 10:36 AM, Nils Breunese <n...@breun.nl> wrote: >>>> >>>> It doesn’t look like the .tar.gz file downloaded successfully, it looks >>>> like the HTML for the 301 redirect was downloaded. >>>> >>>> Nils. >>>> >>>>> Op 19 jul. 2022 om 17:20 heeft Mark Brethen <mark.bret...@gmail.com> het >>>>> volgende geschreven: >>>>> >>>>> Understood. Using HTTP instead of HTTPS doesn’t invoke SSL/TLS. If you >>>>> look at the command line output (not port), that error didn’t occur and >>>>> the file downloaded successfully. I was curious what the fetch curl >>>>> command looked like vs the command line? >>>>> >>>>> Sent from my iPhone >>>>> >>>>>> On Jul 19, 2022, at 9:57 AM, Nils Breunese <n...@breun.nl> wrote: >>>>>> >>>>>> >>>>>> This depends on your definition of succeeding. The request to the HTTP >>>>>> URL returns a 301 redirect, which is not necessarily a ‘success’ status >>>>>> code. This response points to the HTTPS URL and the TLS/SSL error only >>>>>> occurs when requesting that URL. >>>>>> >>>>>> Nils. >>>>>> >>>>>>> Op 19 jul. 2022 om 11:58 heeft Mark Brethen <mark.bret...@gmail.com> >>>>>>> het volgende geschreven: >>>>>>> >>>>>>> Please tell me why fetch still fails when /usr/bin/curl succeeds in >>>>>>> terminal? >>>>>>> >>>>>>> :notice:fetch ---> Attempting to fetch tetgen1.5.1.tar.gz from >>>>>>> http://wias-berlin.de/software/tetgen/1.5/src/ >>>>>>> :debug:fetch Fetching distfile failed: error:14008410:SSL >>>>>>> routines:CONNECT_CR_KEY_EXCH:sslv3 alert handshake failure >>>>>>> >>>>>>> Mark Brethen >>>>>>> mark.bret...@gmail.com >>>>>>> >>>>>>> >>>>>>> >>>>>>>> On Jul 19, 2022, at 4:46 AM, Mark Brethen <mark.bret...@gmail.com> >>>>>>>> wrote: >>>>>>>> >>>>>>>> HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses. >>>>>>>> Use HTTP instead: >>>>>>>> >>>>>>>> ~ $ cd Downloads >>>>>>>> Downloads $ /usr/bin/curl -vO >>>>>>>> http://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz >>>>>>>> % Total % Received % Xferd Average Speed Time Time Time >>>>>>>> Current >>>>>>>> Dload Upload Total Spent Left >>>>>>>> Speed >>>>>>>> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- >>>>>>>> 0* Trying 62.141.177.111... >>>>>>>> * TCP_NODELAY set >>>>>>>> * Connected to wias-berlin.de (62.141.177.111) port 80 (#0) >>>>>>>>> GET /software/tetgen/1.5/src/tetgen1.5.1.tar.gz HTTP/1.1 >>>>>>>>> Host: wias-berlin.de >>>>>>>>> User-Agent: curl/7.64.1 >>>>>>>>> Accept: */* >>>>>>>>> >>>>>>>> < HTTP/1.1 301 Moved Permanently >>>>>>>> < Date: Tue, 19 Jul 2022 09:37:56 GMT >>>>>>>> < Server: Apache >>>>>>>> < Location: >>>>>>>> https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz >>>>>>>> < Content-Length: 273 >>>>>>>> < Content-Type: text/html; charset=iso-8859-1 >>>>>>>> < >>>>>>>> { [273 bytes data] >>>>>>>> 100 273 100 273 0 0 291 0 --:--:-- --:--:-- >>>>>>>> --:--:-- 291 >>>>>>>> * Connection #0 to host wias-berlin.de left intact >>>>>>>> * Closing connection 0 >>>>>>>> >>>>>>>> Mark Brethen >>>>>>>> mark.bret...@gmail.com >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> On Jul 18, 2022, at 11:56 AM, Mark Brethen <mark.bret...@gmail.com> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>> It’s more likely that curl 7.64.1 succeeds to connect while openssl >>>>>>>>> 2.8.3 fails with alert number 40 (see below). It might be related to >>>>>>>>> the server which has several virtual hosts. openssl 3.0.5 (mp) seems >>>>>>>>> to handle it fine compared to openssl 2.8.3. >>>>>>>>> >>>>>>>>> Downloads $ openssl version >>>>>>>>> OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022) >>>>>>>>> >>>>>>>>> Downloads $ openssl s_client -connect wias-berlin.de:443 -servername >>>>>>>>> wias-berlin.de >>>>>>>>> CONNECTED(00000005) >>>>>>>>> depth=3 C = DE, O = T-Systems Enterprise Services GmbH, OU = >>>>>>>>> T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2 >>>>>>>>> verify return:1 >>>>>>>>> depth=2 C = DE, O = Verein zur Foerderung eines Deutschen >>>>>>>>> Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Certification >>>>>>>>> Authority 2 >>>>>>>>> verify return:1 >>>>>>>>> depth=1 C = DE, O = Verein zur Foerderung eines Deutschen >>>>>>>>> Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Global Issuing >>>>>>>>> CA >>>>>>>>> verify return:1 >>>>>>>>> depth=0 C = DE, ST = Berlin, L = Berlin, O = Forschungsverbund Berlin >>>>>>>>> e.V., OU = Weierstrass-Institut f. Angewandte Analysis u. Stochastik >>>>>>>>> (WIAS), OU = RT, CN = www.wias-berlin.de >>>>>>>>> verify return:1 >>>>>>>>> >>>>>>>>> Downloads $ /usr/bin/openssl version >>>>>>>>> LibreSSL 2.8.3 >>>>>>>>> >>>>>>>>> Downloads $ /usr/bin/openssl s_client -connect wias-berlin.de:443 >>>>>>>>> -servername wias-berlin.de >>>>>>>>> CONNECTED(00000005) >>>>>>>>> depth=3 C = DE, O = T-Systems Enterprise Services GmbH, OU = >>>>>>>>> T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2 >>>>>>>>> verify return:1 >>>>>>>>> depth=2 C = DE, O = Verein zur Foerderung eines Deutschen >>>>>>>>> Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Certification >>>>>>>>> Authority 2 >>>>>>>>> verify return:1 >>>>>>>>> depth=1 C = DE, O = Verein zur Foerderung eines Deutschen >>>>>>>>> Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Global Issuing >>>>>>>>> CA >>>>>>>>> verify return:1 >>>>>>>>> depth=0 C = DE, ST = Berlin, L = Berlin, O = Forschungsverbund Berlin >>>>>>>>> e.V., OU = Weierstrass-Institut f. Angewandte Analysis u. Stochastik >>>>>>>>> (WIAS), OU = RT, CN = www.wias-berlin.de >>>>>>>>> verify return:1 >>>>>>>>> 4381900460:error:14008410:SSL routines:CONNECT_CR_KEY_EXCH:sslv3 >>>>>>>>> alert handshake >>>>>>>>> failure:/System/Volumes/Data/SWE/macOS/BuildRoots/880a0f6e74/Library/Caches/com.apple.xbs/Sources/libressl/libressl-56.60.4/libressl-2.8/ssl/ssl_pkt.c:1200:SSL >>>>>>>>> alert number 40 >>>>>>>>> 4381900460:error:140080E5:SSL routines:CONNECT_CR_KEY_EXCH:ssl >>>>>>>>> handshake >>>>>>>>> failure:/System/Volumes/Data/SWE/macOS/BuildRoots/880a0f6e74/Library/Caches/com.apple.xbs/Sources/libressl/libressl-56.60.4/libressl-2.8/ssl/ssl_pkt.c:585: >>>>>>>>> --- >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Mark >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> On Jul 18, 2022, at 8:11 AM, Mark Brethen <mark.bret...@gmail.com> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> wias-berlin.de >>>>>>>>> >>>>>>>> >>>>>>> >>> >> >
