planet.gnome.org

Support requests, bug reports, etc. go here. Dedicated servers / VDS hosting only
cevi
Bear Rating Trainee
Bear Rating Trainee
Posts: 2
Joined: 13 Jul 2013, 11:07

planet.gnome.org

Postby cevi » 13 Jul 2013, 11:14

Hej,

I have troubles adding the planet.gnome.org feed to my tt-rss instance. Every other rssfeed of mine works perfectly, I wanted to ask if someone else can confirm the error when subscribing to this feed.
Both atom and rss2.0 don't work.

URLs:
https://planet.gnome.org/atom.xml
https://planet.gnome.org/rss20.xml

The error message from tt-rss is
Couldn't download the specified URL: 35 error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)

It's the only rss feed from an encrypted website, which would also explain the error message.
My webserver is apache 2.2.16 and the php server is 5.3.3 from Debian Squeeze, php5-curl is also installed.

Best regards,
Cevi

User avatar
LifeWOutMilk
Bear Rating Disaster
Bear Rating Disaster
Posts: 52
Joined: 02 Apr 2013, 21:57

Re: planet.gnome.org

Postby LifeWOutMilk » 13 Jul 2013, 19:57


User avatar
davidm
Plays it by ear
Posts: 115
Joined: 29 Mar 2012, 20:10
Contact:

Re: planet.gnome.org

Postby davidm » 14 Jul 2013, 15:08

I can confirm. I don't get new items from planet Gnome feed since june 24. Same error. And it also affects other feeds from that server, as the feed in extensions.gnome.org. Probably their problem.

cevi
Bear Rating Trainee
Bear Rating Trainee
Posts: 2
Joined: 13 Jul 2013, 11:07

Re: planet.gnome.org

Postby cevi » 16 Jul 2013, 07:17

LifeWoutMilk: thanks for the link. That's exactly the reason for this error. I added the line suggested in the stackoverflow thread

curl_setopt($ch, CURLOPT_SSLVERSION,3);

to the function geturl in include/functions.php and now it's working. This is of course not a general fix for the problem, but just fixes a bug in the version of openssl distributed by debian squeeze (old stable) (0.9.8o). This bug should not occur for openssl > 1.0.

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: planet.gnome.org

Postby fox » 16 Jul 2013, 07:39

can this be wrapped in a version check of some kind?

craywolf
Mr. Awesome
Posts: 97
Joined: 19 Mar 2013, 18:07

Re: planet.gnome.org

Postby craywolf » 16 Jul 2013, 14:10

fox wrote:can this be wrapped in a version check of some kind?


Based on that curl bug report, the bug was introduced in 0.9.8h. Assuming this list of OpenSSL version numbers is accurate, and that the bug is fixed in 1.0.0...

Code: Select all

if((OPENSSL_VERSION_NUMBER >= 0x0090808f) && (OPENSSL_VERSION_NUMBER < 0x10000000)) {
    curl_setopt($ch, CURLOPT_SSLVERSION,3);
}


That should do it. Untested, btw, and I make no promise it won't break fetching a feed on some screwed up server somewhere that's missing SSL3.0 support.

Note this does not apply fix to the 1.0.0-beta versions because it appears some non-beta releases (1.0.0-fips) report beta version numbers (0x10000003) so who knows. If someone is running under an actual beta release of OpenSSL then they need to stop that anyway.

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: planet.gnome.org

Postby fox » 16 Jul 2013, 14:15

I'll add this and we'll see if anyone complains. :)

dimi
Bear Rating Trainee
Bear Rating Trainee
Posts: 1
Joined: 03 Jan 2014, 20:14

Re: planet.gnome.org

Postby dimi » 03 Jan 2014, 20:24

Did somebody complain? I have some more sites which do not support SSLv3 any more and my server is running SSL 9080ff (current debian wheezy openssl).

I checked if there are any sites which i follow and do not support TLSv1, and did not found any... so I changed

curl_setopt($ch, CURLOPT_SSLVERSION, 3);
to
curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1);

and it worked perfectly.

Were there any complains about this or why did it not get updated?


Return to “Support”

Who is online

Users browsing this forum: No registered users and 11 guests