You are not logged in.
Pages: 1
So i'm having issues getting curl through our corporate proxy. Its been a real headache. wget is working fine. Here is whats happening:
curl -Lv [url]https://get.oh-my.fish[/url]
* Uses proxy env variable https_proxy == 'https://username:password%@ourproxyaddress:8080'
* Trying <ourproxyip>...
* TCP_NODELAY set
* Connected to ourproxyurl (ourproxyip) port 8080 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to ourproxyurl:8080
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to ourproxyurl:8080
Here is what happens when i try to use wget (which works)
wget [url]https://get.oh-my.fish[/url]
--2018-11-16 08:58:43-- [url]https://get.oh-my.fish/[/url]
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving ourproxyurl (ourproxyurl)... ourproxyip
Connecting to ourproxyurl (ourproxyurl)|ourproxyip|:8080... connected.
Proxy request sent, awaiting response... 301 Moved Permanently
Location: [url]https://raw.githubusercontent.com/oh-my-fish/oh-my-fish/master/bin/install[/url] [following]
--2018-11-16 08:58:46-- [url]https://raw.githubusercontent.com/oh-my-fish/oh-my-fish/master/bin/install[/url]
Connecting to ourproxyurl (ourproxyurl)|ourproxyip|:8080... connected.
Proxy request sent, awaiting response... 200 OK
Length: 19025 (19K) [text/plain]
Saving to: ‘index.html.3’
index.html.3 100%[=================================================>] 18.58K --.-KB/s in 0.04s
2018-11-16 08:58:47 (501 KB/s) - ‘index.html.3’ saved [19025/19025]
I might be wrong but from what i'm seeing the SSL error is not an error connection to the URL specified but instead connecting to the corporate proxies URL. I tried using the -k (--insecure) option but the same thing happened. Oh a whim i tried to export our corporate proxy certs from my window box. I exported them as *.cer files and renamed them as .crt files (from what i read this SHOULD be possible) and try to import them:
sudo trust anchor --store ~/.certs/cert1.crt
sudo trust anchor --store ~/.certs/cert2.crt
sudo trust anchor --store ~/.certs/cert3.crt
In an ideal situation i would just tell curl to always ignore SSL verification. Maybe what i'm trying to do above can be converted to wget but i'm not sure how (as you can tell i'm trying to install oh-my-fish:
curl -L [url]https://get.oh-my.fish[/url] | fish
Id prefer not to have to mess with the certs if at all possible
Last edited by ncage (2018-11-16 15:40:13)
Offline
Please use code tags for commands and their outputs. Does the --proxy-insecure option to curl have any effect?
Offline
Please use code tags for commands and their outputs. Does the --proxy-insecure option to curl have any effect?
Thanks for the reply and fixed up with code tags but unfortunately that didn't fix it. Same error.
Offline
--proxy-tlsv1 incase it is a tls1.3 issue. See also --proxy-cert and --proxy-capath in the curl man page.
Offline
--proxy-tlsv1 incase it is a tls1.3 issue. See also --proxy-cert and --proxy-capath in the curl man page.
Just a small update unfortunately the --proxy-tlsv1 didn't work. I quickly tried to research the --proxy-cert thing and unfortunately couldn't get it working. I have kind of have my max time i can spend on this issue and will have to come back to it later. I guess until then i will be using zsh.
Do you know if there is a way to convert from the curl command to an equivalent wget command?
Offline
Do you know if there is a way to convert from the curl command to an equivalent wget command?
Yes, there is... You did it yourself in your original post? Can you be more specific as to what you're trying to achieve? Convert *what*?
Offline
ncage wrote:Do you know if there is a way to convert from the curl command to an equivalent wget command?
Yes, there is... You did it yourself in your original post? Can you be more specific as to what you're trying to achieve? Convert *what*?
Like i said i'm trying to install oh-my-fish. The install instructions to install fish is the following:
curl -L https://get.oh-my.fish | fish
just doing
wget https://get.oh-my.fish | fish
doesn't work.
i tried to slightly modify the instructions to install oh-my-zsh would work:
sh -c "$(wget https://get.oh-my.fish -O -)"
which also was a fail...
Last edited by ncage (2018-11-16 20:09:11)
Offline
What is wrong with wget downloading the content from the url to a file, reviewing it then having the shell execute it?
Offline
i tried to slightly modify the instructions to install oh-my-zsh would work:
sh -c "$(wget https://get.oh-my.fish -O -)"
that's wrong... you probably want
wget https://get.oh-my.fish -O - | fish
What is wrong with wget downloading the content from the url to a file, reviewing it then having the shell execute it?
exactly!
Offline
The install instructions to install fish is the following:
curl -L https://get.oh-my.fish | fish
I think @a821 answers your actual question, but that install instruction couldn't be further removed from the "Arch-way", especially if you know you are going through an Internet proxy. That would locally execute anything that is either 1) served by that site or 2) intercepted and forwarded to you by your proxy without knowing what it does. Definitely download it first and verify it's not doing something you don't want it to do.
Offline
What is wrong with wget downloading the content from the url to a file, reviewing it then having the shell execute it?
Nothing. Thats how i fixed it. Thanks....
Offline
Pages: 1