Xen project Mailing List

Re: [MirageOS-devel] [opam-devel] Problem with ocaml.janestreet.com TLS cert?

To: Richard Mortier <richard.mortier@xxxxxxxxxxxx>, Yaron Minsky <yminsky@xxxxxxxxxxxxxx>, Jeremie Dimino <jdimino@xxxxxxxxxxxxxx>

From: Anil Madhavapeddy <anil@xxxxxxxxxx>

Date: Sat, 18 Apr 2015 16:35:14 +0100

Cc: opam-devel <opam-devel@xxxxxxxxxxxxxxx>, mirageos-devel <MirageOS-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Sat, 18 Apr 2015 15:35:14 +0000

List-id: Developer list for MirageOS <mirageos-devel.lists.xenproject.org>

This is a broken `curl` command on base OSX. Try switching to wget with: export OPAMFETCH=wget CCing Yaron Minsky and Jeremie Diminio about the Jane Street setup -- this is likely a result of disabling SSLv3 due to the POODLE attack. -anil > On 18 Apr 2015, at 16:32, Richard Mortier <richard.mortier@xxxxxxxxxxxx> > wrote: > > Hi; > > I seem to be having a problem with the Jane Street TLS cert for > ocaml.janestreet.com. OPAM is refusing to install sexplib etc as a > result. I presume this is a curl TLS issue and I need a magic > environment variable or something, but can't find it. Any ideas? > > This is on OSX using homebrew curl and OPAM 1.2.0. > > """ > ... > % Total % Received % Xferd Average Speed Time Time Time Current > Dload Upload Total Spent Left Speed > 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 > --:--:-- 0curl: (56) SSLRead() return error -9841 > 000 > [ERROR] > https://ocaml.janestreet.com/ocaml-core/112.24/files/sexplib-112.24.01.tar.gz > is not available > [ERROR] Could not download archives of sexplib.112.24.01 > > 'opam upgrade --verbose sexplib' failed. > """" > > FWIW, visiting the site, Chrome complains: > > "The identity of this website has been verified by VeriSign Class 3 > Secure Server CA - G3 but does not have public audit records. > > The site is using outdated security settings that may prevent future > versions of Chrome from being able to safely access it." > > and > > "Your connection to ocaml.janestreet.com is encrypted with obsolete > cryptography. > > The connection uses TLS 1.2. > > The connection is encrypted and authenticated using AES_128_GCM and > uses RSA as the key exchange mechanism." > > -- > Richard Mortier > richard.mortier@xxxxxxxxxxxx > _______________________________________________ > opam-devel mailing list > opam-devel@xxxxxxxxxxxxxxx > http://lists.ocaml.org/listinfo/opam-devel > _______________________________________________ MirageOS-devel mailing list MirageOS-devel@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.