[SOLVED] GnuTLS: Error in the pull function.

[lewik]

Fresh installation, no custom settings.
Try to download some files on host os (same result on vms):

wget https://jitpack.io/com/github/lewik/klog/klog-metadata/1.3.70/klog-metadata-1.3.70.pom

--2020-04-19 12:27:35--  https://jitpack.io/com/github/lewik/klog/klog-metadata/1.3.70/klog-metadata-1.3.70.pom
Resolving jitpack.io (jitpack.io)... 104.26.8.99, 104.26.9.99, 2606:4700:20::681a:863, ...
Connecting to jitpack.io (jitpack.io)|104.26.8.99|:443... connected.
GnuTLS: Error in the pull function.
Unable to establish SSL connection

curl -v https://jitpack.io/com/github/lewik/klog/klog-metadata/1.3.70/klog-metadata-1.3.70.pom

* Expire in 0 ms for 6 (transfer 0x561b93317f50)
...a lot of * Expire in ...
*   Trying 104.26.8.99...
* TCP_NODELAY set
* Expire in 149999 ms for 3 (transfer 0x561b93317f50)
* Expire in 200 ms for 4 (transfer 0x561b93317f50)
* Connected to jitpack.io (104.26.8.99) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to jitpack.io:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to jitpack.io:443

The same commands on the local machine work.

 

[Moayad]

did you tried wget and curl with skipping ssl?

wget https://jitpack.io/com/github/lewik/klog/klog-metadata/1.3.70/klog-metadata-1.3.70.pom --no-check-certificate

And curl with
curl -v https://jitpack.io/com/github/lewik/klog/klog-metadata/1.3.70/klog-metadata-1.3.70.pom -k

 

[lewik]

I tried to skip SSL. Same result.
The issue was not on proxmox side. The fix is to use www.jitpack.io instead of jitpack.io
https://github.com/jitpack/jitpack.io/issues/3973#issuecomment-531199645

 

[apmuthu]

PVE 3.4 uses wget from Wheezy v7.11 that does not support TLS. The last version of wget from the debian archive is v1.13.4-3+deb7u6. There is an updated version for it at:
http://deb.freexian.com/extended-lts/pool/main/w/wget/wget_1.13.4-3+deb7u8_amd64.deb

This addresses the following:
* Non-maintainer upload by the Debian ELTS Team
* CVE-2016-7098
files rejected by access list are kept on the disk for the duration of HTTP connection
However, the TLS error still persists:

# /usr/bin/wget --no-check-certificate https://download.rockylinux.org/pub/rocky/8.3/isos/x86_64/Rocky-8.3-x86_64-minimal.iso
--2021-05-10 05:50:00--  https://download.rockylinux.org/pub/rocky/8.3/isos/x86_64/Rocky-8.3-x86_64-minimal.iso
Resolving download.rockylinux.org (download.rockylinux.org)... 151.101.154.132
Connecting to download.rockylinux.org (download.rockylinux.org)|151.101.154.132|:443... connected.
GnuTLS: A TLS fatal alert has been received.
Unable to establish SSL connection.