SSL errors on windows


#1

Hi

I’ve started to look into using chef-solo to configure our workstations.
I’m running into the SSL problem shown below

I can see this is somewhat related, but should be fixed:
https://tickets.opscode.com/browse/CHEF-4649

Any other suggestions to solve this?

/Jeppe

Starting Chef Client, version 11.10.2

Recipe: git::windows

  • windows_package[Git version 1.8.1.2-preview20130201] action
    installRecipe: <
    Dynamically Defined Resource>
  • remote_file[c:/chef/Git-1.8.1.2-preview20130201.exe] action
    create[2014-03-0
    3T16:35:24+01:00] ERROR: SSL Validation failure connecting to host:
    msysgit.goog
    lecode.com - SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read
    server h
    ello A

#2

Hi Jeppe,

seeing this quite often in recent times. Might all be the same:




This is what worked for me:

HTH, Torben

On Mon, Mar 3, 2014 at 5:01 PM, Jeppe Nejsum Madsen jeppe@ingolfs.dkwrote:

Hi

I’ve started to look into using chef-solo to configure our workstations.
I’m running into the SSL problem shown below

I can see this is somewhat related, but should be fixed:
https://tickets.opscode.com/browse/CHEF-4649

Any other suggestions to solve this?

/Jeppe

Starting Chef Client, version 11.10.2

Recipe: git::windows

  • windows_package[Git version 1.8.1.2-preview20130201] action
    installRecipe: <
    Dynamically Defined Resource>
  • remote_file[c:/chef/Git-1.8.1.2-preview20130201.exe] action
    create[2014-03-0
    3T16:35:24+01:00] ERROR: SSL Validation failure connecting to host:
    msysgit.goog
    lecode.com - SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read
    server h
    ello A

#3

Well, that shouldn’t be an issue if you installed via Omnibus - Jeppe, did
you use omnibus to install Chef or did you gem install?

If you are missing the following file, that’s probably the cause, and
Torben’s advice would come into play for how you can replace it:

C:\opscode\chef\embedded\ssl\certs\cacert.pem

It’s also possible that something is out of date with that file, so
obtaining the latest per Torben’s instructions and copying it over the
existing could solve it.

I tried the following recipe on Chef 11.10 with ssl_verify_mode set to
:verify_peer and it worked for me via chef-solo, so at the moment I can’t
reproduce the issue

remote_file “c:/test/mybing.html” do

source “https://bing.com

this fails when I replace with a site that has an invalid cert, and

that will succeed if I set verify mode to none

end

If that works for you Jeppe, then there must be something specific we need
to repro with your recipe - if you can share a failing fragment, that would
help.

Thanks.

-Adam

From: Torben Knerr [mailto:ukio@gmx.de]
Sent: Monday, March 3, 2014 12:13 PM
To: chef@lists.opscode.com
Subject: [chef] Re: SSL errors on windows

Hi Jeppe,

seeing this quite often in recent times. Might all be the same:

This is what worked for me:

HTH, Torben

On Mon, Mar 3, 2014 at 5:01 PM, Jeppe Nejsum Madsen jeppe@ingolfs.dk
wrote:

Hi

I’ve started to look into using chef-solo to configure our workstations.
I’m running into the SSL problem shown below

I can see this is somewhat related, but should be fixed:
https://tickets.opscode.com/browse/CHEF-4649

Any other suggestions to solve this?

/Jeppe

Starting Chef Client, version 11.10.2

Recipe: git::windows

  • windows_package[Git version 1.8.1.2-preview20130201] action
    installRecipe: <
    Dynamically Defined Resource>
  • remote_file[c:/chef/Git-1.8.1.2-preview20130201.exe] action
    create[2014-03-0
    3T16:35:24+01:00] ERROR: SSL Validation failure connecting to host:
    msysgit.goog
    lecode.com - SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read
    server h
    ello A