MbedTLS had build errors in julia 0.4

[yfractal]

Mux.jl depends MbedTLS.jl and it run tests in julia 0.4 by CI.
But the CI fails because of MbedTLS had build errors.

Does MbedTLS support julia 0.4 now?

[tkelman]

Prior versions did, master does not. That's a cache server failure, cc @staticfloat

[staticfloat]

It's failing on the second download; e.g. the fastly/AWS server connection. Steps to reproduce:

$ docker run -ti quay.io/travisci/travis-ruby /bin/bash
root@1b0d11fe155c:/# curl -v -L -o /dev/null 'https://julialangcache-s3.julialang.org/'
* About to connect() to julialangcache-s3.julialang.org port 443 (#0)
*   Trying 151.101.54.49...   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0connected
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS alert, Server hello (2):
{ [data not shown]
* error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
* Closing connection #0
curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

Connecting directly to S3 works however:

root@1b0d11fe155c:/# curl -v -L -o /dev/null 'https://julialangcache.s3.amazonaws.com/'
... Lots of happy output ....

This is due to the fact that Fastly only supports TLS (and, starting today, only TLS version 1.2+) and the curl that comes with the precise images of Travis are too old to support this; they only support TLS 1.0.

[tkelman]

Good digging. Guess we could maybe do checksum verification but disable certificate checking in the curl call, would that help?

[staticfloat]

We can also run this:

$ sudo apt-get update && sudo apt-get upgrade -y libssl1.0.0

That is sufficient to get libssl1.0.0 updated to the point that it'll talk to our servers.

[tkelman]

oh, ubuntu backported that? could try using the apt addon https://docs.travis-ci.com/user/installing-dependencies/#Adding-APT-Packages to avoid needing platform conditionals around it

[staticfloat]

Yes, and that is also supposed to work when you don't have sudo access I think.

[tkelman]

right. and sooner or later travis may change their default to 14.04, though I wonder whether people on centos 6 or other similarly old distros may have issues here. python was complaining at me about something related a while back, I forget the exact details though.

[yfractal]

@tkelman
Hi, thanks for your reply.
I guess 0.3.0 is the newest version which supports Julia 0.4, is that right?

[staticfloat]

I wonder whether people on centos 6 or other similarly old distros may have issues here.

If I docker run -ti centos:6, I can curl just fine, so I think it's just a matter of people upgrading their outdated distros with the backported libssl packages. centos:5 doesn't work though, and I can't yum update to see if it's been backported because it looks like CentOS 5 is officially EOL'ed and the repos are gone.

[tkelman]

And the buildbots are indeed hitting this. Not good.

[samoconnor]

@quinnj obsolete issue? should be closed?