Opened 11 months ago

Last modified 5 months ago

#2384 new task

Upgrade old-adhoc from wheezy to jessie

Reported by: robe Owned by: sac@…
Priority: blocker Milestone: Sysadmin Contract 2020-I
Component: Systems Admin Keywords:
Cc: Jeff McKenna

Description

The curl and wget on old-adhoc is really old 7.26. For comparison tracsvn which I already upgraded to jessie is at 7.38.

As a results https calls on old-adhoc using newer ciphers are failing.

I plan to do a test upgrade on a copy of old-adhoc on osgeo4 before doing it on production one. Just to make sure I have accounted for all possible issues.

Change History (5)

comment:1 Changed 11 months ago by Jeff McKenna

Cc: Jeff McKenna added

comment:2 Changed 11 months ago by robe

Added notes as Jeff pointed out

Doing this on old-adhoc fails

 /usr/bin/curl --verbose https://demo.mapserver.org/

with:

curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

But this one succeeds:

  /usr/bin/curl --verbose https://demo.pycsw.org/

Both are using letsencrypt ssl certs so perhaps the cyphers are different.

https://www.ssllabs.com/ssltest/analyze.html?d=demo.pycsw.org&latest Returns an A+ rating

https://www.ssllabs.com/ssltest/analyze.html?d=demo.mapserver.org&latest

I figured out the difference -- demo.mapserver.org is pointing at localhost so is using internal ssl cert which is probably expired and old.

comment:3 Changed 11 months ago by robe

Summary: Upgrade old-adhoc from wheezy to jessie and upgrade the curlUpgrade old-adhoc from wheezy to jessie

So getting rid of the entry in /etc/hosts fixed the immediate issue of curl failure. I'm going to keep this open because needs an upgrade.

comment:4 Changed 8 months ago by robe

Milestone: Sysadmin Contract 2019-IISysadmin Contract 2020-I

comment:5 Changed 5 months ago by Jeff McKenna

This is now a current blocker for the MapServer project (see ticket #2459).

Note: See TracTickets for help on using tickets.