Opened 6 weeks ago

Last modified 6 weeks ago

#70505 assigned defect

openjdk21-zulu fetch failure: Invalid certificate chain

Reported by: Pelitron Owned by: breun (Nils Breunese)
Priority: Normal Milestone:
Component: ports Version:
Keywords: Cc:
Port: openjdk21-zulu

Description (last modified by jmroot (Joshua Root))

Hello dears, I have the next error during the instalation of the py310-tensorflow. 

Error: Failed to fetch openjdk21-zulu: SSL certificate problem: Invalid certificate chain
Error: See /opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_java_openjdk21-zulu/openjdk21-zulu/main.log for details.
Error: Follow https://guide.macports.org/#project.tickets if you believe there
is a bug.
Error: Processing of port py-tensorflow failed

Anyone could help me, please? Thank very much for your support.

Change History (5)

comment:1 Changed 6 weeks ago by jmroot (Joshua Root)

Description: modified (diff)
Owner: set to breun
Port: openjdk21-zulu added
Status: newassigned
Summary: Error installing py310-tensorflowopenjdk21-zulu fetch failure: Invalid certificate chain

comment:2 Changed 6 weeks ago by breun (Nils Breunese)

Are there any more details in the log file mentioned in the error message? What operating system version is this on?

comment:3 Changed 6 weeks ago by ryandesign (Ryan Carsten Schmidt)

We see an SSL-related fetch failure on the 10.8 and earlier buildbot machines but not on 10.9 or later.

This wouldn't be a problem if we mirrored the distfiles but the port deliberately prevents that. Why? I'm sure I've asked this before, perhaps not specifically about this port but about other JDK ports.

comment:4 Changed 6 weeks ago by breun (Nils Breunese)

It’s not clear to me if redistributing these binaries is allowed, so that’s why they’re currently not.

comment:5 Changed 6 weeks ago by breun (Nils Breunese)

https://build.macports.org/builders/ports-10.8_x86_64-builder/builds/184742/steps/install-port/logs/stdio says: 

--->  Attempting to fetch zulu21.36.17-ca-jdk21.0.4-macosx_x64.tar.gz from https://cdn.azul.com/zulu/bin/
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
DEBUG: Fetching distfile failed: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Error: Failed to fetch openjdk21-zulu: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
DEBUG: Error code: NONE

That sounds to me like an issue with the TLS version. According to Qualys SSL Labs cdn.azul.com supports TLS 1.2 and 1.3. Does 10.8 not support TLS 1.2?

Last edited 6 weeks ago by breun (Nils Breunese) (previous) (diff)
Note: See TracTickets for help on using tickets.