Php compiled with Curl & GNUTLS - curl fails to validate some certs

php

#1

We have problems with PHP’s Curl. The only difference to all of other plafroms seems to be the fact, the PHP’s Curl is compiled with GnuTLS support, not the OpenSSL.

The error is: cURL error 35: gnutls_handshake() failed: A TLS fatal alert has been received.

Such error happes also when SSL verification is disabled!
Is there any reason why not to compile with OpenSSL?


#2

We have a similar problem:
Our deploy step uses n .phar file which uses guzzle to perform some curls to prod. Unfortunately we get the same error cURL error 35: gnutls_handshake() failed: A TLS fatal alert has been received.


#3

We’re getting the same exact error, and the only difference seems to be that cURL is compiled with GnuTLS rather than OpenSSL. There was a known bug in gnutls that will return this error when making a connection over https (and thus a git fetch over https will fail), and it was introduced in gnutls version 7.21.6-3. Does CircleCI possibly use this older version? It would be nice if we could use a cURL compiled with OpenSSL, it seems that would fix the error.

Here is the error message:
[curl] 35: gnutls_handshake() failed: A TLS fatal alert has been received.


#4

A solution for this is to upgrade to our 14.04 ‘Trusty’ build image via the Project Settings > Build Environment menu.


#5

i’m getting the exact same issue. i’ll try upgrading the image but where do I find project settings / build environment? I only see builds, add projects, team, account settings.

maybe you can check my account and help me do it?


#6

At the top right of the page when you are looking at a project (individual builds or build summary page) you’ll see a ‘gear icon’:

Click that and you’ll see all the project settings, including ‘Build Environment’ option.


#7

I’m still having this issue using 14.04: An error occurred: gnutls_handshake() failed: Handshake failed.

Some others also had a similar issue when attempting to validate a cert from the sensiolabs security-scanner:

See https://github.com/sensiolabs/security-checker/pull/77 for some more details.

They provide a workaround, but it’s not idea. Any idea what this issue is coming up?


#8