Fresh build fails with: TLS failure: signature verification failed: bad signature

whoek / scrumdog

scrumdog: Utility to export Jira Issues to SQLite database

MIT License

6 stars 0 forks source link

Fresh build fails with: TLS failure: signature verification failed: bad signature #4

Open swist opened 1 year ago

swist commented 1 year ago

Steps to reproduce:

dune build
scrumdog -j
edit the sample.jql file
scrumdog sample.jql

Output:

*****************************************************
Scrumdog 0.51  build 680
Release-date: 2023-04-16
****************************************************

 Log folder: Create folder 'log'
Configuration file:
Jira server:   ******
Jira token: *********************************************************************************************************************************************************************************************
Email:         ***
Database file: jira.db
Table prefix:  KEY
JQL:           project = KEY

 Parsed jql file
2023-04-20 15:22:24 - SQLite: Create table 'KEY_fields'
2023-04-20 15:22:24 - SQLite: Create table 'KEY_issues'
2023-04-20 15:22:24 - Jira: Get Issue FieldsFatal error: exception TLS failure: signature verification failed: bad signature

Do I need to install a specific version of tls-jwt?

whoek commented 1 year ago

@swist -- Many Thanks for trying it out.

I am using it with different OCaml versions and package versions with no issues, but anything is possible.

Not quite sure yet what is the issue - but will try to replicate it on my side.

When listing the Jira Cloud server, it need to be in this format: https://example.atlassian.net/
Which OS are you using (Windows, Linux or OSX)?

What is you OCaml package version for those listed below - get them by typing opam list

ca-certs              0.2.3
mirage-crypto         0.11.1
tls-lwt               0.17.0
x509                  0.16.4

Which version of OCaml are you using? ocaml --version
You may also want to try opam reinstall tls-lwt

THANKS

swist commented 1 year ago

Hey! Thanks for quick reply. I picked this up for similar reasons to you (wanted to learn something new) so I'm still learning the tooling!

I'm on OSX (ARM), Jira Cloud Server URI matches the expected format.

The package versions you care about are:

ca-certs              0.2.3       Detect root CA certificates from the operating system
mirage-crypto         0.11.1
x509                  0.16.4      Public Key Infrastructure (RFC 5280, PKCS) purely in OCaml
tls-lwt               0.17.0      Transport Layer Security purely in OCaml, Lwt layer

They appear to match.

Ocaml version

❯ ocaml --version                                                                                                                                                                                                                                                   9:27
The OCaml toplevel, version 5.0.0

Reinstalling tls-lwt and rebuilding yielded the same error

whoek commented 1 year ago

@swist

Could you test this sample code to check if tls-lwt is working OK on your machine https://github.com/whoek/ocaml-https-demo

swist commented 1 year ago

Hey, thanks for the reduced example. Looks like there is something wrong with my local setup -

Done: 57% (4/7, 3 left) (jobs: 0)Fatal error: exception Unix.Unix_error(Unix.ECONNRESET, "read", "")

if it's useful in any way, running:

openssl s_client -connect httpbin.org:443

Results in a successful SSL handshake on my machine. Perhaps I need to pass something to let lwt know where to link the local cert store? (not sure if it's a different location on arm)