Can't load images: SSL handshake error
I am getting a error whenever I try to hit a CDN (KeyCDN).
warning: gnutls_handshake() failed: Handshake failed
I can't find any way around this issue. I am on Ubuntu 14.04. I have tried using both the most recent version, as well as the alpha build. The linux statically linked version gives a different error:
warning: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
I am guessing this all due to the version of curl you guys include. Is there not a way to either use the system's version since that works fine?
Actually it is using the system libcurl, but it may be a GnuTLS vs. OpenSSL issue. Can you try running these commands and paste the results:
ldd /usr/lib/prince/bin/prince | grep curl
ldd /usr/bin/curl | grep curl
Can I switch it to be referencing the OpenSSL version then?
libcurl-gnutls.so.4 => /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4 (0x00007f70b02f9000)
libcurl.so.4 => /usr/lib/x86_64-linux-gnu/libcurl.so.4 (0x00007fef04206000)
This url is going to a redirect. Would that be the issue? Do you pass -L to curl so it follow the redirects?
The redirect shouldn't be a problem, it looks like it's just GnuTLS. I will build an updated alpha with OpenSSL, it should be ready shortly.
Okay, here are updated
alpha packages for Prince running on 64-bit Ubuntu 14.04. It should be linking with the OpenSSL-based libcurl now if both are present.
That version I couldn't seem to get working. It wasn't seeing my config for some reason. I was getting many errors about not being able to see the license, font, etc files. I verified many times that the permissions were correct and reverting back to the old version works fine again.
Some info:
I don't run it out the /usr/bin/prince directory
I have app-armor installed, but I tried turning that off and restarting php5-fpm.
It was trying to create a .cache directory at the root web folder. I don't like that since I be default have that all non-writable to the web service.
That sounds odd. Can you run it manually from the command-line? Prince does not create any .cache directories, so that must be coming from some other library.