Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Pipeline SSL curl error when downloading gcloud sdk

Chris Stryczynski
Chris Stryczynski October 24, 2017

This previously worked fine, and seems to have stopped working.

I'm using the default pipeline image, I'm getting the following output for curl:

 + curl -vv -o /tmp/google-cloud-sdk.tar.gz https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-155.0.0-linux-x86_64.tar.gz
* Hostname was NOT found in DNS cache
 % Total % Received % Xferd Average Speed Time Time Time Current
 Dload Upload Total Spent Left Speed
 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 172.217.7.174...
 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to dl.google.com (172.217.7.174) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
 CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS alert, Server hello (2):
} [data not shown]
* SSL certificate problem: unable to get local issuer certificate
 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

 

Answer
Watch
Like Be the first to like this
1717 views

2 answers

1 accepted

0 votes
Answer accepted
Chris Stryczynski
Chris Stryczynski October 24, 2017

I had to revert to the old image (set the following in the pipeline config):
image: atlassian/default-image:1.57

View More Comments
Swapnil Deshpande
Swapnil Deshpande October 24, 2017

Awesome! Reverted to old tag & it works perfect. Not sure, what is wrong with latest version.

Like
Raul Gomis
Raul Gomis
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 7, 2017

Hi @Chris Stryczynski Sorry for that. We have already fixed it by upgrading to ubuntu:14.04.5 our current atlassian/default-image.

You can now use the image atlassian/default-image:1.71 or use the latest v1 image version atlassian/default-image:1

Please, let me know if you have any more questions or observe other weird behavior.

Regards!

Raul

Like
Reply
0 votes
Chris Stryczynski
Chris Stryczynski October 24, 2017

Here it is with verbose output:

 + curl -vv -o /tmp/google-cloud-sdk.tar.gz https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-155.0.0-linux-x86_64.tar.gz
* Hostname was NOT found in DNS cache
 % Total % Received % Xferd Average Speed Time Time Time Current
 Dload Upload Total Spent Left Speed
 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 172.217.7.174...
 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to dl.google.com (172.217.7.174) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
 CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS alert, Server hello (2):
} [data not shown]
* SSL certificate problem: unable to get local issuer certificate
 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events