Forum Bugs

Can't load images: SSL handshake error

daneren2005
I am getting a error whenever I try to hit a CDN (KeyCDN).

warning: gnutls_handshake() failed: Handshake failed

I can't find any way around this issue. I am on Ubuntu 14.04. I have tried using both the most recent version, as well as the alpha build. The linux statically linked version gives a different error:

warning: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

I am guessing this all due to the version of curl you guys include. Is there not a way to either use the system's version since that works fine?
mikeday
Actually it is using the system libcurl, but it may be a GnuTLS vs. OpenSSL issue. Can you try running these commands and paste the results:
ldd /usr/lib/prince/bin/prince | grep curl
ldd /usr/bin/curl | grep curl


daneren2005
Can I switch it to be referencing the OpenSSL version then?

libcurl-gnutls.so.4 => /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4 (0x00007f70b02f9000)
libcurl.so.4 => /usr/lib/x86_64-linux-gnu/libcurl.so.4 (0x00007fef04206000)
daneren2005
This url is going to a redirect. Would that be the issue? Do you pass -L to curl so it follow the redirects?
mikeday
The redirect shouldn't be a problem, it looks like it's just GnuTLS. I will build an updated alpha with OpenSSL, it should be ready shortly.
mikeday
Okay, here are updated alpha packages for Prince running on 64-bit Ubuntu 14.04. It should be linking with the OpenSSL-based libcurl now if both are present.
daneren2005
That version I couldn't seem to get working. It wasn't seeing my config for some reason. I was getting many errors about not being able to see the license, font, etc files. I verified many times that the permissions were correct and reverting back to the old version works fine again.

Some info:
I don't run it out the /usr/bin/prince directory
I have app-armor installed, but I tried turning that off and restarting php5-fpm.
It was trying to create a .cache directory at the root web folder. I don't like that since I be default have that all non-writable to the web service.
mikeday
That sounds odd. Can you run it manually from the command-line? Prince does not create any .cache directories, so that must be coming from some other library.