RSB Failure

Karel Gardas karel at functional.vision
Tue Nov 30 15:26:21 UTC 2021


I think you are right about certs issue:

download: no ssl context

suggest the same probably. But, it looks like everything is fine on the
server side:

$ openssl s_client -connect git.rtems.org:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = git.rtems.org
verify return:1
---
Certificate chain
 0 s:CN = git.rtems.org
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISA0PbLsmtHvaISDhLE5hsvRdCMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTEwMjQxMjQ2NTVaFw0yMjAxMjIxMjQ2NTRaMBgxFjAUBgNVBAMT
DWdpdC5ydGVtcy5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCp
e+uIGW+YEHayckij6bxbigwqs+0dcvG7y+bGkgHAMbzKqyLvH0eowpHfLuxwU6PZ
4zsmi7Wt/nnzLFsT+G+goCa+4PoXv7e4HIyvRbRrQlcffBAoqjtR4NbjX2aPPBqa
r5KPg1NoE713VwB1TQId9+l1hy+bZESMu9t/ereC8FqLihfXynHdRRRmLbu9Y6Pu
TrQspRE1BzQCg5p3C4Pw94JSp//VDeH4njDdksRnrrgBGQ5aT/5pv9N/dmP+mjd4
Um0PewQ1I1luOzGGcIV5vtHqqLNnxA2M8m7vMGhy0hJ2I3S6t1JXBilX9kg1qEPo
pGwBfxTWPM1WRmdpSAc5AgMBAAGjggJGMIICQjAOBgNVHQ8BAf8EBAMCBaAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
BBYEFBQ5XKKYcDqC5Z2oomD50z8b7rKrMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ
QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz
Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv
MBgGA1UdEQQRMA+CDWdpdC5ydGVtcy5vcmcwTAYDVR0gBEUwQzAIBgZngQwBAgEw
NwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j
cnlwdC5vcmcwggECBgorBgEEAdZ5AgQCBIHzBIHwAO4AdQDfpV6raIJPH2yt7rhf
Tj5a6s2iEqRqXo47EsAgRFwqcwAAAXyyjeKEAAAEAwBGMEQCIGdxPoInCappGYjS
Q5GX0c7V/k3zNUoUdbsXC+34NrwvAiB1RYRmgn9h5h7bach9x0HyVKYBICaTiSvu
Fdwa0FdSrwB1ACl5vvCeOTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAABfLKN
4nQAAAQDAEYwRAIgW3QfcFdvFLMG+eDgizx2sHiidWGB1Ozg4NryjWtToMACIDSc
pGhubVCBQN1L4Fd6lYw0NYp4DxEA08+GQUZcsf7sMA0GCSqGSIb3DQEBCwUAA4IB
AQAaSfA+yhmWQPEJXx/HrSlF0SXYQIGpynBYTGkRgENBvlGBQeuPKpMFc0QnnLsE
sFJ3JMgrkEsU28KZivELPZfmd4i3is6ild3l4DYONO67L4Y1By7V2S6AzVhWdp3c
gZHgmr9+I6dNBOR8n5LpDmqY//8YbHYwRa1jaFXC9TNwKU/aJu6Yw167xFZVP3C1
3KPLByARgC8428nNOR6WUzFkfsKPgslaA5XS6CewaleSc5wEZWZHSXAgpKwsf7yT
Orpvs0AgMy14iAZMUzJAIcdwrhXNXPDX/0U/x3ZisV/2pTDeRFET70IwUpBEgJ9O
wekZTREGgLUAPxD/zwNU8ApC
-----END CERTIFICATE-----
subject=CN = git.rtems.org

issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4752 bytes and written 471 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-SHA256
    Session-ID:
D0CB98B91EE36A3AC90D0EDBA7FDE066E5A48EC940549A8EC0BA2E922DD34618
    Session-ID-ctx:
    Master-Key:
5675E199AB067347223245EAEBB6C59896AA25858222C9DEEDD3E35927539E592974EE705A1C3DC40FA60E9F288B5F71
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - ab c1 dc e5 3f 92 28 3e-65 d9 ef 95 08 a5 26 cf
....?.(>e.....&.
    0010 - c9 d8 4a e9 22 2d be e6-24 f2 e7 0b 96 54 57 a9
..J."-..$....TW.
    0020 - 9e 39 ab ba 3e 00 2a 1c-1a 5d bb d1 6f a3 4e e7
.9..>.*..]..o.N.
    0030 - 37 54 78 84 52 26 48 ba-1e ae 30 01 c2 0e ca 4c
7Tx.R&H...0....L
    0040 - 19 b1 86 4a f2 67 7c 15-d7 20 5a c6 79 f9 34 67   ...J.g|..
Z.y.4g
    0050 - d2 28 ae bf e5 45 c5 97-db dc ad 77 98 49 33 82
.(...E.....w.I3.
    0060 - 02 13 3e e1 de c6 be 7d-b1 0e 9c 9d 4a 90 da 84
..>....}....J...
    0070 - 34 bc 4d d6 38 08 af 2e-34 26 6a 9f cf 8a f6 6a
4.M.8...4&j....j
    0080 - 91 e2 1d 00 74 26 d7 63-25 8e 6f af 89 3d 96 ed
....t&.c%.o..=..
    0090 - dd 25 66 50 ea 0d f1 8a-52 17 58 40 8c 11 6c 08
.%fP....R.X at ..l.
    00a0 - 66 4c ff f7 10 79 2a fb-9f 49 d3 76 b0 c9 50 93
fL...y*..I.v..P.
    00b0 - f7 40 48 b9 ae 15 2e 4e-08 6a 1c f1 d2 70 54 e2
. at H....N.j...pT.
    00c0 - eb 86 2a ab f9 05 c3 94-3b 4e c3 47 47 46 b1 74
..*.....;N.GGF.t

    Start Time: 1638285819
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
closed


so the issue seems to be on the client side. By any chance have you
forgotten to install your OS/distro certificates package? You need that
in order to verify server cert chain...

Karel

On 11/30/21 3:07 PM, Ryan Long wrote:
> Hi,
> 
> I'm trying to do a forced build of all of the tools and BSPs for RTEMS
> 5, but I'm getting this error.
> 
> script: 86: source_dir_rtems_tools=${rtems_tools_source}
> source setup: rtems-tools-0a5d2057749066e7d184836e92c7ce5334fccc90-1:
> source rtems-tools -q -n ${rtems_tools_source}
> making dir: /home/tester/rtems-cron-5/rtems-source-builder/rtems/sources
> download: (full)
> https://git.rtems.org/rtems-tools/snapshot/rtems-tools-0a5d2057749066e7d184836e92c7ce5334fccc90.tar.bz2
> -> sources/rtems-tools-0a5d2057749066e7d184836e92c7ce5334fccc90.tar.bz2
> download:
> https://git.rtems.org/rtems-tools/snapshot/rtems-tools-0a5d2057749066e7d184836e92c7ce5...<see
> log> ->
> sources/rtems-tools-0a5d2057749066e7d184836e92c7ce5334fccc90.tar.bz2
> download: no ssl context
> download:
> https://git.rtems.org/rtems-tools/snapshot/rtems-tools-0a5d2057749066e7d184836e92c7ce5...<see
> log>: error: <urlopen error [Errno 0] Error>
> error: downloading
> https://git.rtems.org/rtems-tools/snapshot/rtems-tools-0a5d2057749066e7d184836e92c7ce5334fccc90.tar.bz2:
> all paths have failed, giving up
> "rsb-report-rtems-tools-0a5d2057749066e7d184836e92c7ce5334fccc90-1.txt"
> [noeol] 407L, 32689B
> 
> 
> Yesterday, it was failing to pull in some patches from a ticket because
> the certificates had expired, but I'm not sure if this is the same
> issue. I was able to get this tarball with wget.
> 
> Does anyone know what the issue might be?
> 
> Thanks,
> 
> Ryan
> 
> _______________________________________________
> devel mailing list
> devel at rtems.org
> http://lists.rtems.org/mailman/listinfo/devel



More information about the devel mailing list