[SERVER-36090] install_compass fails on MacOS due to SSL version Created: 12/Jul/18  Updated: 09/Nov/18  Resolved: 13/Aug/18

Status: Closed
Project: Core Server
Component/s: Build, Packaging
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Critical - P2
Reporter: Daniel Pasette (Inactive) Assignee: Mathew Robinson (Inactive)
Resolution: Duplicate Votes: 0
Labels: build-planned
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Duplicate
duplicates SERVER-35737 install_compass fails on MacOS Closed
Related
Operating System: ALL
Sprint: Build 2018-07-16, Build 2018-07-30, Build 2018-08-13
Participants:
Story Points: 8

 Description   

monkey101:Downloads$ ./mongodb-osx-x86_64-4.0.0/bin/install_compass
Traceback (most recent call last):
  File "./mongodb-osx-x86_64-4.0.0/bin/install_compass", line 173, in <module>
    download_and_install_compass()
  File "./mongodb-osx-x86_64-4.0.0/bin/install_compass", line 157, in download_and_install_compass
    pkg = download_pkg(link, pkg_format=pkg_format)
  File "./mongodb-osx-x86_64-4.0.0/bin/install_compass", line 58, in download_pkg
    res = urllib.urlretrieve(link, filename=tmpf[1], reporthook=download_progress)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py", line 98, in urlretrieve
    return opener.retrieve(url, filename, reporthook, data)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py", line 245, in retrieve
    fp = self.open(url, data)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py", line 213, in open
    return getattr(self, name)(url)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py", line 443, in open_https
    h.endheaders(data)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 1049, in endheaders
    self._send_output(message_body)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 893, in _send_output
    self.send(msg)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 855, in send
    self.connect()
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 1274, in connect
    server_hostname=server_hostname)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 352, in wrap_socket
    _context=self)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 579, in __init__
    self.do_handshake()
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 808, in do_handshake
    self._sslobj.do_handshake()
IOError: [Errno socket error] [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:590)

The link for the compass download is behind the load balancer, which has disabled older TLS versions.

There are a couple of possible solutions we should consider.



 Comments   
Comment by Daniel Pasette (Inactive) [ 13/Jul/18 ]

This was fixed by TechOps temporarily, but I'd like to ship a more solid fix in 4.0.1 if possible and to add some testing and better error handling in the meantime.

Comment by Mark Benvenuto [ 12/Jul/18 ]

Curl on macOS uses Apple's SecureTransport which supports TLS 1.2 Apple's Python is linked against OpenSSL 0.9.8 which lacks support.

Generated at Thu Feb 08 04:42:00 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.