Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can not update behind proxy #195

Closed
alexxbb opened this issue Jul 16, 2021 · 6 comments
Closed

Can not update behind proxy #195

alexxbb opened this issue Jul 16, 2021 · 6 comments
Labels
question

Comments

@alexxbb
Copy link

alexxbb commented Jul 16, 2021 

setenv HTTPS_PROXY https://proxy.$HOST.com:8080

// WGET  works
>> wget https://github.com/tldr-pages/tldr/archive/master.tar.gz
....

>> tldr --update
Could not update cache: HTTP error: error sending request for url (https://github.com/tldr-pages/tldr/archive/master.tar.gz): error trying to connect: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:```

>> tldr --version
tealdeer v1.4.1 (Linux)
@dbrgn
Copy link
Collaborator

dbrgn commented Jul 16, 2021

Could it be that your proxy does not actually support TLS/HTTPS? Does it work if you unset HTTPS_PROXY and set HTTP_PROXY instead?

If not, does your proxy host have a valid HTTPS setup with a non-self-signed certificate?

@dbrgn dbrgn added the question label Jul 16, 2021
@dbrgn
Copy link
Collaborator

dbrgn commented Jul 16, 2021

(HTTP Proxies in general should work, see #68. This must be an issue with your proxy server configuration.)

@alexxbb
Copy link
Author

alexxbb commented Jul 16, 2021

Could it be that your proxy does not actually support TLS/HTTPS? Does it work if you unset HTTPS_PROXY and set HTTP_PROXY instead?

If not, does your proxy host have a valid HTTPS setup with a non-self-signed certificate?

setenv HTTP_PROXY http://proxy.$HOST.com:8080

Doesn't work either. It could be that our proxy is old and/or very strict. Our environment is very isolated, but the infra team said it should just work, because .. curl and wget work...

@dbrgn
Copy link
Collaborator

dbrgn commented Jul 16, 2021

It could also be that the proxy uses old (insecure) versions of SSL, which are not supported anymore by the reqwests library and its TLS stack.

In case you have the openssl binary installed, what does openssl s_client -connect your-proxy:8080 return? For example:

$ openssl s_client -connect github.com:443 2>/dev/null | grep Cipher
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256

@dbrgn
Copy link
Collaborator

dbrgn commented Jul 16, 2021

Note: There was an attempt at making network support optional (#72), but it was dropped as nobody seemed to care about it (and it would have added quite some additional maintenance cost).

@alexxbb
Copy link
Author

alexxbb commented Jul 20, 2021

>> openssl s_client -connect github.com:443
socket: Bad file descriptor connect:errno=9

I'm going to close this, because our super isolated environment is probably to secure and(or) outdated that it's not worth spending time on it. I can still download the .tar file manually with wget.

Thank you!

@alexxbb alexxbb closed this as completed Jul 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dbrgn @alexxbb