[opam-devel] distfiles for ocaml.janestreet.com need an SSL upgrade

Anil Madhavapeddy anil at recoil.org
Sun Oct 4 10:26:47 BST 2015


(x-posting to opam-devel as an fyi in case anyone else runs into this)

Using OSX 10.11 results in an SSLv3 error from the upstream distfile server
on ocaml.janestreet.com.  Could it please be reconfigured to use TLS 1.0 or
higher?  Workaround is to "brew install wget", which is less secure out of the box.

  $ curl --write-out %{http_code}\n --insecure --retry 3 --retry-delay 2 -OL
    https://ocaml.janestreet.com/ocaml-core/113.00/files/sexplib-113.00.00.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  curl: (56) SSLRead() return error -9841

Louis, this manifests as a hard-to-debug error, since the curl command line
doesn't seem to get output anywhere (even when using OPAMDEBUG=1).  Is there
some other way than modifying the OPAM source code to see all the commands
that are being shelled out?

-anil


More information about the opam-devel mailing list