Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#77992 - Add new Mirror: Canada @ Gaab-Networks
Attached to Project:
Arch Linux
Opened by Kevin Gaab (Strub3l) - Friday, 24 March 2023, 23:58 GMT
Last edited by Toolybird (Toolybird) - Wednesday, 05 April 2023, 21:11 GMT
Opened by Kevin Gaab (Strub3l) - Friday, 24 March 2023, 23:58 GMT
Last edited by Toolybird (Toolybird) - Wednesday, 05 April 2023, 21:11 GMT
|
DetailsMirror URLs: https://archive_ca.gaab-networks.de/arch http://archive_ca.gaab-networks.de/arch rsync://archive_ca.gaab-networks.de/arch
Country: Montreal, Canada Supported Protocols: HTTP; HTTPS; RSYNC Bandwidth: 1Gbps Contact Mail: kontakt@kevingaab.de ISOs: Yes Tier 1 Source: https://arch.mirror.constant.com |
This task depends upon
Closed by Toolybird (Toolybird)
Wednesday, 05 April 2023, 21:11 GMT
Reason for closing: Fixed
Additional comments about closing: "Thanks for adding! Everything works now! Described the rest in FS#78102"
Wednesday, 05 April 2023, 21:11 GMT
Reason for closing: Fixed
Additional comments about closing: "Thanks for adding! Everything works now! Described the rest in FS#78102"
Why is the Mirror Site showing "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'archive_ca.gaab-networks.de'. (_ssl.c:997)"
- https://archlinux.org/mirrors/gaab-networks.de/1883/
Both SSLLabs and all my browsers/cURL on Windows and Linux show "ok".
https://www.ssllabs.com/ssltest/analyze.html?d=archive_ca.gaab-networks.de&latest
Mar 29 11:42:39 gemini.archlinux.org python[846512]: 2023-03-29 11:42:39 -> DEBUG: rsync cmd: rsync --quiet --contimeout=10 --timeout=10 --ipv4 rsync://archive_ca.gaab-networks.de/arch/lastsync /tmp/tmpfscgzv6h/lastsync
Mar 29 11:42:39 gemini.archlinux.org python[846512]: 2023-03-29 11:42:39 -> DEBUG: failed: https://archive_ca.gaab-networks.de/arch/lastsync, [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'archive_ca.gaab-networks.de'. (_ssl.c:997)
Mar 29 11:42:39 gemini.archlinux.org python[846512]: 2023-03-29 11:42:39 -> DEBUG: error: rsync://archive_ca.gaab-networks.de/arch/lastsync, b'rsync: [Receiver] failed to connect to archive_ca.gaab-networks.de (209.209.9.227): Connection refused (111)\nrsync error: error in socket IO (code 10) at clientserver.c(139) [Receiver=3.2.7]\n'
Mar 29 11:42:39 gemini.archlinux.org python[846512]: 2023-03-29 11:42:39 -> INFO: checking URL http://arch.mirror.constant.com/lastsync
Code: https://github.com/archlinux/archweb/blob/6b92832714d8a3c6c6c1189ad4353526b8d9bd14/mirrors/management/commands/mirrorcheck.py#L179
But I could not identify the certificate error that is given.
Is there somehow a more detailed error log?
Could it be that the verification program does not support certificates with multiple hostnames?
Mar 30 06:50:15 gemini.archlinux.org python[2810076]: 2023-03-30 06:50:15 -> INFO: checking URL https://archive_ca.gaab-networks.de/arch/lastsync
Mar 30 06:50:15 gemini.archlinux.org python[2810076]: 2023-03-30 06:50:15 -> DEBUG: failed: https://archive_ca.gaab-networks.de/arch/lastsync, Name or service not known
Mar 30 06:50:15 gemini.archlinux.org python[2810076]: 2023-03-30 06:50:15 -> INFO: checking URL http://archive_ca.gaab-networks.de/arch/lastsync
Python 3.10.10 (main, Mar 5 2023, 22:26:53) [GCC 12.2.1 20230201] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import urllib
>>> urllib.request
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
AttributeError: module 'urllib' has no attribute 'request'
>>> import urllib.request
>>> urllib.request.Request("https://archive_ca.gaab-networks.de/", None)
<urllib.request.Request object at 0x7fd5241dfd30>
>>> req = urllib.request.Request("https://archive_ca.gaab-networks.de/", None)
>>> result = urllib.request.urlopen(req, timeout=5)
Traceback (most recent call last):
File "/usr/lib/python3.10/urllib/request.py", line 1348, in do_open
h.request(req.get_method(), req.selector, req.data, headers,
File "/usr/lib/python3.10/http/client.py", line 1282, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib/python3.10/http/client.py", line 1328, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib/python3.10/http/client.py", line 1277, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.10/http/client.py", line 1037, in _send_output
self.send(msg)
File "/usr/lib/python3.10/http/client.py", line 975, in send
self.connect()
File "/usr/lib/python3.10/http/client.py", line 1454, in connect
self.sock = self._context.wrap_socket(self.sock,
File "/usr/lib/python3.10/ssl.py", line 513, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.10/ssl.py", line 1071, in _create
self.do_handshake()
File "/usr/lib/python3.10/ssl.py", line 1342, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'archive_ca.gaab-networks.de'. (_ssl.c:997)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.10/urllib/request.py", line 216, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib/python3.10/urllib/request.py", line 519, in open
response = self._open(req, data)
File "/usr/lib/python3.10/urllib/request.py", line 536, in _open
result = self._call_chain(self.handle_open, protocol, protocol +
File "/usr/lib/python3.10/urllib/request.py", line 496, in _call_chain
result = func(*args)
File "/usr/lib/python3.10/urllib/request.py", line 1391, in https_open
return self.do_open(http.client.HTTPSConnection, req,
File "/usr/lib/python3.10/urllib/request.py", line 1351, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'archive_ca.gaab-networks.de'. (_ssl.c:997)>
>>>
>>>
This is an upstream python bug
OpenSSL bug report https://mta.openssl.org/pipermail/openssl-dev/2015-August/002416.html
Similiar dotnet issue https://github.com/dotnet/runtime/issues/35880#issuecomment-624449110
Would you mind changing the subdomain to archive-ca?
Thanks for solving the problem!
I also figured out why _ is not allowed in the DNS name.
"The use of underscores is a bit confusing. Underscores are not allowed in domain names according to RFC 1035."
So this is not a bug, it is a feature.
In the meantime, I've deployed more nodes of mine with the Arch Mirror, should I make a new feature request for that or does it work here too?