download_runtime SSLHandshakeError

[eddideku]

Hello,

Attempting to run m2ee download_runtime I get the following error:

ERROR: Checking download url https://download.mendix.com/runtimes/mendix-7.23.8.58888.tar.gz failed: SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)

What's bizarre is I can easily do a

wget https://download.mendix.com/runtimes/mendix-7.23.8.58888.tar.gz

and the package will download into my ~/ directory.

Is there a work around for this?

[knorrie]

Hi,

Which version of the tooling are you running? Since v7.x it's using curl under the hood to do the actual download work.

Please run m2ee -vvv and then do download_runtime. The debug logging will show you which actual command is executed. For example: "TRACE: Executing ['curl', '-#', '--fail', '--output', '/home/knorrie/myapp/runtimes/download_runtime_tmp_vTiWIg/runtime-7.23.3.48173.tgz', 'https://download.mendix.com/runtimes/mendix-7.23.3.48173.tar.gz']"

Now just do a similar curl on the command line. Point -o to /dev/null and if that fails, please share the error. At this point, it's a matter of your operating system and TLS libraries.

Thanks.

[tao-zhang]

@knorrie @pommi We are now experiencing similar issue, I believe it just started from a couple days ago , because m2ee download worked fine 2 weeks ago. Here is the error message:

ERROR: Checking download url https://download.mendix.com/runtimes/mendix-7.23.13.3928.tar.gz failed: SSLHandshakeError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:618)

The version of m2ee we use is 0.5.11.4. Meanwhile, if download this runtime with curl on the same machine, it works well.

I'm wondering if Mendix has changed runtime hosting to new CDN as we planned before?

[jeohist]

@tao-zhang That is correct.

[tao-zhang]

@jeohist Thank you for the response! Do you mean Mendix has changed runtime hosting to new CDN recently? In 2 weeks?

[jeohist]

@tao-zhang Yes, on March 25th at 14:35 CET.

[tao-zhang]

@jeohist Thank you very much!

I know the m2ee we use is very old, SSL could be not compatible with the new CDN. But we can't upgrade it shortly, as it runs on a CentOS machine. Can you please help check with @knorrie or @pommi if there is some work-around for this issue?

[tao-zhang]

@jeohist @knorrie @pommi We have managed to downloaded latest source code to CentOS, and it works now!

When do you plan to release a new RPM package?

[knorrie]

[...] if there is some work-around for this issue?

Download the file and extract it yourself, into the location where your mendix runtime versions are stored.

When do you plan to release a new RPM package?

There is no plan to do that. Reasons are lack of RPM packaging skills (internally it's all Debian based systems), lack of test environment, lack of time to build test environments and test different versions of Centos and other distros.

I would recommend to just git clone this repository and run it from the master branch, or some other option listed in: https://github.com/mendix/m2ee-tools/blob/develop/doc/non-root-install.md

If there is anyone in the community, or at a customer that has these skills and would want to help with it... that would be much appreciated of course.

[tao-zhang]

Thank you @knorrie , we have followed the link of no-root-install, it works great!