search

wbond / package_control

The Sublime Text package manager
https://packagecontrol.io
4.79k stars 816 forks source link

Cannot upgrade/install any package due to an SSL certificate problem #913

Closed elboletaire closed 9 years ago

elboletaire commented 9 years ago

Today I'm having issues while trying to install or upgrade new packages.

It seems that Sublime tries to connect to a source which SSL certificate has expired. Here's de full log when trying to install a package (QuickLinks package in this case):

ignored packages updated to: ["Makefile", "Matlab", "SFTP", "ASP", "PyV8", "Laravel Blade Highlighter", "GitGutter", "Markdown Preview", "Monokai Extended", "LaTeX", "DocBlockr", "LiveScript", "FileDiffs", "Clojure", "PHP-Twig", "Sublimerge Pro", "Text Pastry", "ColorPicker", "R", "Case Conversion", "D", "Vintage", "Lisp", "ShowEncoding", "Unity Completions", "Scala", "ActionScript", "Graphviz", "Emmet", "BBCode", "INI", "OCaml", "Markdown Extended", "Erlang", "PackageResourceViewer", "Groovy", "nginx", "Go", "Markdown", "EncodingHelper", "Lua", "Tortoise", "QuickLinks"]
reloading Packages/User/Preferences.sublime-settings
Package Control: Error downloading package. b'curl: (60) SSL certificate problem: certificate has expired\nMore details here: http://curl.haxx.se/docs/sslcerts.html\n\ncurl performs SSL certificate verification by default, using a "bundle"\n of Certificate Authority (CA) public keys (CA certs). If the default\n bundle file isn\'t adequate, you can specify an alternate file\n using the --cacert option.\nIf this HTTPS server uses a certificate signed by a CA represented in\n the bundle, the certificate verification probably failed due to a\n problem with the certificate (it might be expired, or the name might\n not match the domain name in the URL).\nIf you\'d like to turn off curl\'s verification of the certificate, use\n the -k (or --insecure) option.' downloading https://bitbucket.org/sigzegv/quicklinks/get/master.zip.
ignored packages updated to: ["Makefile", "Matlab", "SFTP", "ASP", "PyV8", "Laravel Blade Highlighter", "GitGutter", "Markdown Preview", "Monokai Extended", "LaTeX", "DocBlockr", "LiveScript", "FileDiffs", "Clojure", "PHP-Twig", "Sublimerge Pro", "Text Pastry", "ColorPicker", "R", "Case Conversion", "D", "Vintage", "Lisp", "ShowEncoding", "Unity Completions", "Scala", "ActionScript", "Graphviz", "Emmet", "BBCode", "INI", "OCaml", "Markdown Extended", "Erlang", "PackageResourceViewer", "Groovy", "nginx", "Go", "Markdown", "EncodingHelper", "Lua", "Tortoise"]
reloading Packages/User/Preferences.sublime-settings

This is occurring under Ubuntu Linux 14.04.1 using Sublime Text 3dev Build 3079.

Using the stable version of Sublime Text 3 under Mac worked without problems (cannot test it under Linux, sorry).

If this is not a package_control error, please let me know and I'll notify it to SublimeText developers (it seems more like a Sublime Error because the bitbucket SSL it's ok).

I've also tried with packages coming from github with same results.

wbond commented 9 years ago

Please turn on the debug setting and provide a debug log, as instructed at https://github.com/wbond/package_control/blob/master/contributing.md.

I'm fairly certain the packagecontrol.io, github.com and bitbucket.org certs are all not expired. So most likely you are either downloading a package from somewhere else that does have an expired cert, or your CA certs are out-of-date.

Either way, the debug log will show us more info to help diagnose.

elboletaire commented 9 years ago

Sorry, I didn't see that document.

Here's the debug when I select "Install":

Package Control: Fetching list of available packages
  Platform: linux-x64
  Sublime Text Version: 3079
  Package Control Version: 2.0.0-alpha7
Package Control: Download Debug
  URL: https://sublime.wbond.net/repositories.json
  Resolved IP: 50.116.34.243
  Timeout: 30
Package Control: Curl Debug Proxy
  http_proxy: 
  https_proxy: 
  proxy_username: 
  proxy_password: 
Package Control: Trying to execute command /usr/bin/curl --user-agent 'Sublime Package Control v2.0.0-alpha7' --connect-timeout 30 -sSL --compressed --dump-header /tmp/tmpspqo7d --header 'If-Modified-Since: Fri, 20 Mar 2015 12:00:18 GMT' --cacert '/home/elboletaire/.config/sublime-text-3/Packages/User/Package Control.ca-bundle' -v https://sublime.wbond.net/repositories.json
Package Control: Curl HTTP Debug General
  Hostname was NOT found in DNS cache
    Trying 50.116.34.243...
  Connected to sublime.wbond.net (50.116.34.243) port 443 (#0)
  successfully set certificate verify locations:
    CAfile: /home/elboletaire/.config/sublime-text-3/Packages/User/Package Control.ca-bundle
    CApath: /etc/ssl/certs
  SSLv3, TLS handshake, Client hello (1):
  SSLv3, TLS handshake, Server hello (2):
  SSLv3, TLS handshake, CERT (11):
  SSLv3, TLS handshake, Server key exchange (12):
  SSLv3, TLS handshake, Server finished (14):
  SSLv3, TLS handshake, Client key exchange (16):
  SSLv3, TLS change cipher, Client hello (1):
  SSLv3, TLS handshake, Finished (20):
  SSLv3, TLS change cipher, Client hello (1):
  SSLv3, TLS handshake, Finished (20):
  SSL connection using ECDHE-RSA-AES256-GCM-SHA384
  Server certificate:
     subject: serialNumber=f42O34HKwvQTRlRAsXiRPvAWUUwbo22p; OU=GT52951423; OU=See www.rapidssl.com/resources/cps (c)15; OU=Domain Control Validated - RapidSSL(R); CN=sublime.wbond.net
     start date: 2015-02-24 06:47:53 GMT
     expire date: 2016-03-29 02:42:51 GMT
     subjectAltName: sublime.wbond.net matched
     issuer: C=US; O=GeoTrust, Inc.; CN=RapidSSL CA
     SSL certificate verify ok.
Package Control: Curl HTTP Debug Write
  GET /repositories.json HTTP/1.1
  User-Agent: Sublime Package Control v2.0.0-alpha7
  Host: sublime.wbond.net
  Accept: */*
  Accept-Encoding: deflate, gzip
  If-Modified-Since: Fri, 20 Mar 2015 12:00:18 GMT
Package Control: Curl HTTP Debug Read
  HTTP/1.1 200 OK
Package Control: Curl HTTP Debug General
  Server nginx is not blacklisted
Package Control: Curl HTTP Debug Read
  Server: nginx
  Date: Fri, 20 Mar 2015 14:28:41 GMT
  Content-Type: application/json
  Last-Modified: Fri, 20 Mar 2015 14:20:17 GMT
  Transfer-Encoding: chunked
  Connection: keep-alive
  Vary: Accept-Encoding
  Content-Encoding: gzip
Package Control: Curl HTTP Debug General
  Connection #0 to host sublime.wbond.net left intact
Package Control: Caching https://sublime.wbond.net/repositories.json in 4b866486d124fe4bf800028de1dd1b4f
Package Control: Download Debug
  URL: https://sublime.wbond.net/alpha/packages.json
  Resolved IP: 50.116.34.243
  Timeout: 30
Package Control: Curl Debug Proxy
  http_proxy: 
  https_proxy: 
  proxy_username: 
  proxy_password: 
Package Control: Trying to execute command /usr/bin/curl --user-agent 'Sublime Package Control v2.0.0-alpha7' --connect-timeout 30 -sSL --compressed --dump-header /tmp/tmpgsr7g8 --header 'If-Modified-Since: Fri, 09 Aug 2013 11:43:45 GMT' --cacert '/home/elboletaire/.config/sublime-text-3/Packages/User/Package Control.ca-bundle' -v https://sublime.wbond.net/alpha/packages.json
Package Control: Curl HTTP Debug General
  Hostname was NOT found in DNS cache
    Trying 50.116.34.243...
  Connected to sublime.wbond.net (50.116.34.243) port 443 (#0)
  successfully set certificate verify locations:
    CAfile: /home/elboletaire/.config/sublime-text-3/Packages/User/Package Control.ca-bundle
    CApath: /etc/ssl/certs
  SSLv3, TLS handshake, Client hello (1):
  SSLv3, TLS handshake, Server hello (2):
  SSLv3, TLS handshake, CERT (11):
  SSLv3, TLS handshake, Server key exchange (12):
  SSLv3, TLS handshake, Server finished (14):
  SSLv3, TLS handshake, Client key exchange (16):
  SSLv3, TLS change cipher, Client hello (1):
  SSLv3, TLS handshake, Finished (20):
  SSLv3, TLS change cipher, Client hello (1):
  SSLv3, TLS handshake, Finished (20):
  SSL connection using ECDHE-RSA-AES256-GCM-SHA384
  Server certificate:
     subject: serialNumber=f42O34HKwvQTRlRAsXiRPvAWUUwbo22p; OU=GT52951423; OU=See www.rapidssl.com/resources/cps (c)15; OU=Domain Control Validated - RapidSSL(R); CN=sublime.wbond.net
     start date: 2015-02-24 06:47:53 GMT
     expire date: 2016-03-29 02:42:51 GMT
     subjectAltName: sublime.wbond.net matched
     issuer: C=US; O=GeoTrust, Inc.; CN=RapidSSL CA
     SSL certificate verify ok.
Package Control: Curl HTTP Debug Write
  GET /alpha/packages.json HTTP/1.1
  User-Agent: Sublime Package Control v2.0.0-alpha7
  Host: sublime.wbond.net
  Accept: */*
  Accept-Encoding: deflate, gzip
  If-Modified-Since: Fri, 09 Aug 2013 11:43:45 GMT
Package Control: Curl HTTP Debug Read
  HTTP/1.1 304 Not Modified
Package Control: Curl HTTP Debug General
  Server nginx is not blacklisted
Package Control: Curl HTTP Debug Read
  Server: nginx
  Date: Fri, 20 Mar 2015 14:28:42 GMT
  Last-Modified: Fri, 09 Aug 2013 11:43:45 GMT
  Connection: keep-alive
  ETag: "5204d5f1-2e"
Package Control: Curl HTTP Debug General
  Connection #0 to host sublime.wbond.net left intact
Package Control: Using cached content for https://sublime.wbond.net/alpha/packages.json
Package Control: Found git at "/usr/bin/git"
Package Control: Trying to execute command /usr/bin/git fetch
Package Control: Trying to execute command /usr/bin/git log ..--ff/--commit
Package Control: Unable to find file package-metadata.json in the package folder for Sublimerge Pro
Package Control: Unable to find file package-metadata.json in the sublime-package file for Sublimerge Pro
Package Control: Unable to find file package-metadata.json in the package Sublimerge Pro

And this when I try to install:

ignored packages updated to: ["Makefile", "Matlab", "SFTP", "ASP", "PyV8", "Laravel Blade Highlighter", "GitGutter", "Markdown Preview", "Monokai Extended", "LaTeX", "DocBlockr", "LiveScript", "FileDiffs", "Clojure", "PHP-Twig", "Sublimerge Pro", "Text Pastry", "ColorPicker", "R", "Case Conversion", "D", "Vintage", "Lisp", "ShowEncoding", "Unity Completions", "Scala", "ActionScript", "Graphviz", "Emmet", "BBCode", "INI", "OCaml", "Markdown Extended", "Erlang", "PackageResourceViewer", "Groovy", "nginx", "Go", "Markdown", "EncodingHelper", "Lua", "Tortoise", "QuickLinks"]
Package Control: Fetching list of available packages
  Platform: linux-x64
  Sublime Text Version: 3079
  Package Control Version: 2.0.0-alpha7
Package Control: Unable to find a sublime-package file for QuickLinks
Package Control: Unable to find file package-metadata.json in the package QuickLinks
Package Control: Download Debug
  URL: https://bitbucket.org/sigzegv/quicklinks/get/master.zip
  Resolved IP: 131.103.20.168
  Timeout: 30
Package Control: Curl Debug Proxy
  http_proxy: 
  https_proxy: 
  proxy_username: 
  proxy_password: 
Package Control: Trying to execute command /usr/bin/curl --user-agent 'Sublime Package Control v2.0.0-alpha7' --connect-timeout 30 -sSL --compressed --dump-header /tmp/tmpef3h9z --cacert '/home/elboletaire/.config/sublime-text-3/Packages/User/Package Control.ca-bundle' -v https://bitbucket.org/sigzegv/quicklinks/get/master.zip
reloading Packages/User/Preferences.sublime-settings
Package Control: Curl HTTP Debug General
  Hostname was NOT found in DNS cache
    Trying 131.103.20.167...
  Connected to bitbucket.org (131.103.20.167) port 443 (#0)
  successfully set certificate verify locations:
    CAfile: /home/elboletaire/.config/sublime-text-3/Packages/User/Package Control.ca-bundle
    CApath: /etc/ssl/certs
  SSLv3, TLS handshake, Client hello (1):
  SSLv3, TLS handshake, Server hello (2):
  SSLv3, TLS handshake, CERT (11):
  SSLv3, TLS alert, Server hello (2):
  SSL certificate problem: certificate has expired
  Closing connection 0
Package Control: Error downloading package. } [data not shown]} [data not shown]curl: (60) SSL certificate problem: certificate has expiredMore details here: http://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. downloading https://bitbucket.org/sigzegv/quicklinks/get/master.zip.
ignored packages updated to: ["Makefile", "Matlab", "SFTP", "ASP", "PyV8", "Laravel Blade Highlighter", "GitGutter", "Markdown Preview", "Monokai Extended", "LaTeX", "DocBlockr", "LiveScript", "FileDiffs", "Clojure", "PHP-Twig", "Sublimerge Pro", "Text Pastry", "ColorPicker", "R", "Case Conversion", "D", "Vintage", "Lisp", "ShowEncoding", "Unity Completions", "Scala", "ActionScript", "Graphviz", "Emmet", "BBCode", "INI", "OCaml", "Markdown Extended", "Erlang", "PackageResourceViewer", "Groovy", "nginx", "Go", "Markdown", "EncodingHelper", "Lua", "Tortoise"]
reloading Packages/User/Preferences.sublime-settings
wbond commented 9 years ago

Yes, GitHub needs to improve the New Issue page. The document was linked from a yellow box on the create issue page, but due to the styling, most users ignore it.

It turns out you are using a REALLY old, alpha version of Package Control. Follow the directions at https://packagecontrol.io/docs/troubleshooting#Purging_Old_Versions to upgrade.

elboletaire commented 9 years ago

:sweat_smile: sorry for that too then..

And thanks for your help!