WSL - Ubuntu - Install Travis CLI

[rgleason]

I need to encrypt Github auth_tokens for use in .travis. To do that I need to install TravisCLI onto Linux or use some other Windows oriented program. The reason for TravisCLI is to provide an encrypted certificate for .travis files to push to github Release.

I decided to try to install Travis CLI into WSL-Ubuntu 18.04LTS
Petri has been very helpful with most of this and the hurdles.
A lot of his support is in http://www.cruisersforum.com/forums/...ml#post2915681 and before in that thread.

I've made (or found) the following changes to the firewall to "Allow"

Norton360 Settings > Firewall > Program Control > Ruby
C:\Users\Rick\AppData\Local\Packages\CannonicalGro upLimited.Ubuntu1804onWindows-xxxx/Localstate/rootfs/home/rgleason/.rvm/rubies/ruby-2.6.3/bin/ruby

Norton360 Settings > Firewall > Program Control > Ruby2
C:\Users\Rick\AppData\Local\Packages\CannonicalGro upLimited.Ubuntu1804onWindows-xxxx/Localstate/rootfs/usr/bin/ruby2.5

Norton 360 > Settings > Firewall > Program Control > Add
C:\Windows\System32\wsl.exe Microsoft Windows Subsystem for Linux Launcher

Also I was able to download the file that is causing the hang up using $ wget https://api.rubygems.org/specs.4.8.gz
specs.4.8.gz is in home/rgleason Also I have downloaded it using Win10 Firefox download.


I have executed these commands and they completed properly:

sudo apt-get update
sudo apt-get install ruby
sudo apt-get install gem

<Question: allow restarting of services during package upgrades without asking? Yes> - answered yes
<Windows firewall: for ruby 2.5 allow ruby to communicate ... tick all> - this did not come up to be ticked.

command curl -sSL https://rvm.io/mpapis.asc | gpg --import -
command curl -sSL https://rvm.io/pkuczynski.asc | gpg --import -
curl -sSL https://get.rvm.io | bash -s stable --ruby
source /home/rgleason/.rvm/scripts/rvm
gem install travis <---Everything except this has worked.

Once installed do the following:

rgleason:~$ travis -version
Shell completion not installed. Would you like to install it now? |y| y
1.8.10

rgleason@Dart:~$sudo service ssh stop
Stopped
rgleason@Dart:~$sudo service xrdp stop
Stopped
rgleason@Dart:~$ gem install travis -v 1.8.10 --no-rdoc --no-ri
ERROR: While executing gem ... (OptionParser::InvalidOption)
invalid option: --no-rdoc <--DEPRICATED
rgleason@Dart:~$ gem install travis -v 1.8.10 --no-rdoc --no-ri
ERROR: While executing gem ... (OptionParser::InvalidOption)
invalid option: --no-ri <--DEPRICATED
rgleason@Dart:~$ gem install travis -v 1.8.10 --no-document --no-ri
ERROR: While executing gem ... (OptionParser::InvalidOption)
invalid option: --no-ri <--DEPRICATED
rgleason@Dart:~$ gem install travis -v 1.8.10 --no-document
ERROR: Could not find a valid gem 'travis' (= 1.8.10), here is why:
Unable to download data from https://rubygems.org/ - timed out (https://rubygems.org/specs.4.8.gz)
rgleason@Dart:~$ gem install travis
ERROR: Could not find a valid gem 'travis' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - timed out (https://rubygems.org/specs.4.8.gz)

[rgleason]

rgleason@Dart:~$ ruby -ropen-uri -e 'eval open("https://git.io/vQhWq").read'
Here's your Ruby and OpenSSL environment:

Ruby: 2.6.3p62 (2019-04-16 revision 67580) [x86_64-linux]
RubyGems: 3.0.3
Bundler: 1.17.2
Compiled with: OpenSSL 1.1.1b 26 Feb 2019
Loaded version: OpenSSL 1.1.1 11 Sep 2018
SSL_CERT_FILE: /usr/lib/ssl/cert.pem
SSL_CERT_DIR: /usr/lib/ssl/certs

With that out of the way, let's see if you can connect to rubygems.org...

Bundler connection to rubygems.org: failed ❌ (execution expired)

rgleason@Dart:~$ sudo ntpdate ntp.ubuntu.com
[sudo] password for rgleason:
sudo: ntpdate: command not found
rgleason@Dart:~$ sudo ntpdate ntp.ubuntu.com
sudo: ntpdate: command not found
rgleason@Dart:~$


rgleason@Dart:~$ gem installer bundler
ERROR: While executing gem ... (Gem::CommandLineError)
Unknown command installer
rgleason@Dart:~$ gem installer bundler
ERROR: While executing gem ... (Gem::CommandLineError)
Unknown command installer
rgleason@Dart:~$ gem update --system
ERROR: While executing gem ... (Gem::RemoteFetcher::UnknownHostError)
timed out (https://rubygems.org/specs.4.8.gz)
rgleason@Dart:~$


Not having much luck with this.

[Canne]

Quote:

Originally Posted by rgleason

Bundler connection to rubygems.org: failed ❌ (execution expired)

That's a good script! To verify the time, just say

Code:

date

on Ubuntu and compare that to the Windows time. They should be same.

[rgleason]

Maybe I should uninstall ruby and gem and start over?

[Canne]

For the record - if somebody falls here guided by a search engine, I did a fresh installation of Ubuntu 18.04LTS command line utility of Canonical from Microsoft Store on a Windows 10 and installed travis . The procedure is described here: http://www.cruisersforum.com/forums/...ml#post2915207 .

[rgleason]

I think they are within 5 seconds of each other.


Also did these


rgleason@Dart:~$ sudo ntpdate ntp.ubuntu.com
[sudo] password for rgleason:
sudo: ntpdate: command not found
rgleason@Dart:~$ sudo ntpdate ntp.ubuntu.com
sudo: ntpdate: command not found
rgleason@Dart:~$


rgleason@Dart:~$ gem installer bundler
ERROR: While executing gem ... (Gem::CommandLineError)
Unknown command installer
rgleason@Dart:~$ gem installer bundler
ERROR: While executing gem ... (Gem::CommandLineError)
Unknown command installer
rgleason@Dart:~$ gem update --system
ERROR: While executing gem ... (Gem::RemoteFetcher::UnknownHostError)
timed out (https://rubygems.org/specs.4.8.gz)
rgleason@Dart:~$


Not having much luck with this. Ruby and Gem will not dance with me.

For the record - This is the WSL Windows subsystem for Linux used on my Win10
O5 Linux in Ubuntu 18.04LTS for Windows10
Windows Subsystem for Linux with OpenCPN 5.0


It works for running Opencpn5.0
This effort is just to get encrypted certificates for Travis..... now 300mb and heaps of Petri's time, it turns out this is not so good an idea, I guess.

[Canne]

Quote:

Originally Posted by rgleason

Maybe I should uninstall ruby and gem and start over?

No, I don't think so. For ruby,

Code:

apt-get install ruby

will update it if needed.
For gem,

Code:

gem update

and

Code:

gem update --system

Should do the job but since the same network issue hits the latter one, we're out of luck.

[rgleason]

Quote:

rgleason@Dart:~$ sudo apt-get install ruby
[sudo] password for rgleason:
Reading package lists... Done
Building dependency tree
Reading state information... Done
ruby is already the newest version (1:2.5.1).
0 upgraded, 0 newly installed, 0 to remove and 240 not upgraded.
rgleason@Dart:~$ sudo gem update
Updating installed gems
ERROR: While executing gem ... (Gem::RemoteFetcher::UnknownHostError)
timed out (https://api.rubygems.org/specs.4.8.gz)
rgleason@Dart:~$ gem update --system
ERROR: While executing gem ... (Gem::RemoteFetcher::UnknownHostError)
timed out (https://rubygems.org/specs.4.8.gz)
rgleason@Dart:~$ sudo gem update --system
ERROR: While executing gem ... (Gem::RemoteFetcher::UnknownHostError)
timed out (https://api.rubygems.org/specs.4.8.gz)
rgleason@Dart:~$

Ruby is ok. Gem is a pita.

"Gem::RemoteFetcher::UnknownHostError"

Am I missing some piece of a browser here? RemoteFetcher seems key.
I don't think it is a security certificate problem, or the firewall.

[Canne]

Quote:

Originally Posted by rgleason

rgleason@Dart:~$ sudo ntpdate ntp.ubuntu.com
sudo: ntpdate: command not found

NTP time sync is missing. That's strange. Normally it is in every Linux?
Try

Code:

sudo apt-get install ntp

Quote:

Originally Posted by rgleason

rgleason@Dart:~$ gem installer bundler
ERROR: While executing gem ... (Gem::CommandLineError)

Typo, it is

Code:

gem install bundler

But I don't think the bundler (which is used by travis for packaging of ruby projects) is the issue here. The main problem is that gem is not able to update even itself.

Try to get the time sync right to start with. That would eliminate the SSL timing as a potential problem. I need to take the road now, will check in few hours how you are doing.

[rgleason]

https://stackoverflow.com/questions/...ting-ruby-gems


https://help.rubygems.org/discussion...knownhosterror


https://meta.discourse.org/t/error-w...terror/93260/4

and this one blames the DNS server! Ha.Ha
https://meta.discourse.org/t/error-w...terror/93260/4


"This is not about the DNS setup for the domain you want to use, but the problem is caused by your server unable to use the DNS to lookup other hosts in order to download code."



Right!

[rgleason]

Quote:

NTP time sync is missing. That's strange. Normally it is in every Linux?
Try
sudo apt-get install ntp

That worked! Thank you.

Quote:

rgleason@Dart:~$ gem install bundler
ERROR: Could not find a valid gem 'bundler' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - timed out (https://rubygems.org/specs.4.8.gz)

For some reason gem is not authorized to download data from rubygems.org.
So this appears to be a certificate problem I think.


I am going to reboot now.

[Canne]

Hi Rick, I am back on-line,

BTW, I read your WSL-thread. What works for you guys is fine with me. So let's tackle this one:

Good that NTP worked - for the record, chronyd is used nowadays but NTP is still available to easily eliminate the eventual clock error on Ubuntu 18.04LTS command line utility of Canonical for Microsoft. There is no timing daemon that I could find and the NTP is a quick way to jump over the local CPU HW emulated by the Windows WSL.

Quote:

Originally Posted by rgleason

For some reason gem is not authorized to download data from rubygems.org.
So this appears to be a certificate problem I think.

We came to the same conclusion. But maybe we are wrong, the verification script you executed tells you if you have a invalid certificate, according a few examples I have found. For us, it does not tell that, just timeout.

Quote:

Originally Posted by rgleason

I am going to reboot now.

That may help if it is a Windows issue (disabling the firewall, etc.).

Let's see what I get on my fresh installation with the SSL analysis script:

Code:

petri@macchina:~$ ruby -ropen-uri -e 'eval open("https://git.io/vQhWq").read'
Here's your Ruby and OpenSSL environment:

Ruby:           2.6.3p62 (2019-04-16 revision 67580) [x86_64-linux]
RubyGems:       3.0.3
Bundler:        1.17.2
Compiled with:  OpenSSL 1.1.1b  26 Feb 2019
Loaded version: OpenSSL 1.1.1  11 Sep 2018
SSL_CERT_FILE:  /usr/lib/ssl/cert.pem
SSL_CERT_DIR:   /usr/lib/ssl/certs

With that out of the way, let's see if you can connect to rubygems.org...

Bundler connection to rubygems.org:       success ✅
RubyGems connection to rubygems.org:      success ✅
Ruby net/http connection to rubygems.org: success ✅

Hooray! This Ruby can connect to rubygems.org. You are all set to use Bundler and RubyGems. 👌
(eval):136: warning: constant OpenSSL::SSL::SSLContext::METHODS is deprecated

Code:

ls -l /usr/lib/ssl
total 0
lrwxrwxrwx 1 root root  14 Apr 25  2018 certs -> /etc/ssl/certs
drwxr-xr-x 1 root root 512 May 21 16:40 misc
lrwxrwxrwx 1 root root  20 Dec  5  2018 openssl.cnf -> /etc/ssl/openssl.cnf
lrwxrwxrwx 1 root root  16 Apr 25  2018 private -> /etc/ssl/private

/etc/ssl/certs is too big to be listed here.
Note that there is no /usr/lib/ssl/cert.pem file or a symbolic link to it but that does not seem to prevent the connection for me. But let's check the certificate the Ruby .org-site seems to use:

Code:

ls -l /etc/ssl/certs | grep GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root root     57 May 21 16:39 GlobalSign_Root_CA.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt

Code:

ls -l /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt
-rw-r--r-- 1 root root 1261 Apr 10  2018 /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt

Is that root certificate still valid?

Code:

openssl x509 -noout -in /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt -dates
notBefore=Sep  1 12:00:00 1998 GMT
notAfter=Jan 28 12:00:00 2028 GMT

What is our OpenSSL version?

Code:

openssl version
OpenSSL 1.1.0g  2 Nov 2017 (Library: OpenSSL 1.1.1  11 Sep 2018)

What TLS versions Ruby installation supports?

Code:

ruby -ropenssl -e "puts OpenSSL::SSL::SSLContext::METHODS.grep(/.+\d$/).sort"
-e:1: warning: constant OpenSSL::SSL::SSLContext::METHODS is deprecated
SSLv2
SSLv23
SSLv3
TLSv1
TLSv1_1
TLSv1_2

So, it will be TLS v1.2 for us.

Let's try to connect to the server without ruby and check a bit about those certificates in a working system:

Code:

openssl s_client -connect rubygems.org:443 -tls1_2
CONNECTED(00000005)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Fastly, Inc.", CN = l.ssl.fastly.net
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=San Francisco/O=Fastly, Inc./CN=l.ssl.fastly.net
   i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
 1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
   i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIOlTCCDX2gAwIBAgIMVBnQQszqpyIMFxugMA0GCSqGSIb3DQEBCwUAMGYxCzAJ

<snipping out a big chunk, continue:>

Code:

8tuY7QuLQw1a9xj0a/TCVMXCMhN6QCgXjl8CVAgVaAUbH4PF7BdbhcOEIMEkpcM3
BqNfv8MYq2b5x3aycPOJnefQaOCoCzJNzJetTFQctihqyvEtVf9zwZk=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=San Francisco/O=Fastly, Inc./CN=l.ssl.fastly.net
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5498 bytes and written 287 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: A19DDA345A2B2EEBD08E05E64509897A240B57E5B5B813137D4CEAD1E6C2A8D3
    Session-ID-ctx:
    Master-Key: 143221749429C87B5B3073B44A868C6C1024F3A39B45C9A6C2A942CB590AE3D53B0F0FDC109CDB2DF37B05C70347EBA4
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 3e 11 30 39 71 06 64 97-19 33 ab 08 ca a9 55 98   >.09q.d..3....U.
    0010 - 07 09 a0 70 fd 34 2b e6-c7 f0 e7 6d 97 51 31 7f   ...p.4+....m.Q1.
    0020 - fa 64 15 a2 de 03 cf 33-3d 96 b6 3d b2 6a 5f 67   .d.....3=..=.j_g
    0030 - 32 38 42 44 ae 11 b7 8e-0f 46 f9 89 ed c5 83 ac   28BD.....F......
    0040 - 5c 97 c2 b4 99 d1 fa ab-3a a2 21 64 72 76 9d f7   \.......:.!drv..
    0050 - 59 d8 e9 ae 80 9c 53 30-f2 4d 08 ca 8f 07 c9 fd   Y.....S0.M......
    0060 - 69 e9 bd d7 1d b0 34 a9-4e da e3 65 38 3e be 5b   i.....4.N..e8>.[
    0070 - 89 82 fc cc f4 a7 1a 8f-c0 47 5a d6 5f 5d 5c 9c   .........GZ._]\.
    0080 - ff ac dd ad 33 fb f4 9f-2e 56 82 fe ff 6b 59 ad   ....3....V...kY.
    0090 - 9b c1 c9 e4 ac ca 09 ad-33 da 94 48 ba 7a 48 ee   ........3..H.zH.

    Start Time: 1561406116
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---

^C

(leave with Ctrl+C)

You may want to scroll down to appreciate the line (ok) I've marked with green color.

Ok, let's stop here. If this works then... we need to find something else!

[rgleason]

Ok I'll try your suggestions.

Quote:

rgleason@Dart:~$ ruby -ropen-uri -e 'eval open("https://git.io/vQhWq").read'
Here's your Ruby and OpenSSL environment:

Ruby: 2.6.3p62 (2019-04-16 revision 67580) [x86_64-linux]
RubyGems: 3.0.3
Bundler: 1.17.2
Compiled with: OpenSSL 1.1.1b 26 Feb 2019
Loaded version: OpenSSL 1.1.1 11 Sep 2018
SSL_CERT_FILE: /usr/lib/ssl/cert.pem
SSL_CERT_DIR: /usr/lib/ssl/certs

With that out of the way, let's see if you can connect to rubygems.org...

Bundler connection to rubygems.org: success ✅
RubyGems connection to rubygems.org: success ✅
Ruby net/http connection to rubygems.org: success ✅

Hooray! This Ruby can connect to rubygems.org. You are all set to use Bundler and RubyGems. ��
(eval):136: warning: constant OpenSSL::SSL::SSLContext::METHODS is deprecated
rgleason@Dart:~$

Quote:

rgleason@Dart:~$ ls -l /usr/lib/ssl
total 0
lrwxrwxrwx 1 root root 14 Apr 25 2018 certs -> /etc/ssl/certs
drwxr-xr-x 1 root root 4096 Jul 25 2018 misc
lrwxrwxrwx 1 root root 20 Jun 20 2018 openssl.cnf -> /etc/ssl/openssl.cnf
lrwxrwxrwx 1 root root 16 Apr 25 2018 private -> /etc/ssl/private
rgleason@Dart:~$

Quote:

rgleason@Dart:~$ ls -l /etc/ssl/certs | grep GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root root 57 Jul 25 2018 GlobalSign_Root_CA.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt
rgleason@Dart:~$

Quote:

rgleason@Dart:~$ ls -l /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt
-rw-r--r-- 1 root root 1261 Apr 9 2018 /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt
rgleason@Dart:~$

Is it valid?

Quote:

rgleason@Dart:~$ openssl x509 -noout -in /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt -dates
notBefore=Sep 1 12:00:00 1998 GMT
notAfter=Jan 28 12:00:00 2028 GMT
rgleason@Dart:~$

Yes

[rgleason]

Quote:

rgleason@Dart:~$ ls -l /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt
-rw-r--r-- 1 root root 1261 Apr 9 2018 /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt
rgleason@Dart:~$ openssl x509 -noout -in /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt -dates
notBefore=Sep 1 12:00:00 1998 GMT
notAfter=Jan 28 12:00:00 2028 GMT
rgleason@Dart:~$ openssl version
OpenSSL 1.1.0g 2 Nov 2017 (Library: OpenSSL 1.1.1 11 Sep 2018)
rgleason@Dart:~$ ruby -ropenssl -e "puts OpenSSL::SSL::SSLContext::METHODS.grep(/.+\d$/).sort"
-e:1: warning: constant OpenSSL::SSL::SSLContext::METHODS is deprecated
SSLv2
SSLv23
SSLv3
TLSv1
TLSv1_1
TLSv1_2
rgleason@Dart:~$ openssl s_client -connect rubygems.org:443 -tls1_2
CONNECTED(00000005)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - SHA256 - G2
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Fastly, Inc.", CN = l.ssl.fastly.net
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=San Francisco/O=Fastly, Inc./CN=l.ssl.fastly.net
i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIOlTCCDX2gAwIBAgIMVBnQQszqpyIMFxugMA0GCSqGSIb3DQ EBCwUAMGYxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMT wwOgYDVQQDEzNH
bG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC 0gU0hBMjU2IC0g
...
Snip

...


K3KsYIg44WIGS4/iCRlJVCLKyuCfWQW
P4qhlWjauiYZ/KsyWrY1uxO9U+aqa0/vNSYAyiNwslhdPliWw4+9v1iTIBWzGeNh
iA94ZGiWjQFi8fdK/pWf+o3NoewtCMe/uw7KBBhWMYAdgbPrQycYjoQOq0mCyhGc
/3gxVhfY5imDKag3IC/KvPUGdog1ejFc/X8BGHqmAsO1f0Zr7DWm73sglk/y1nUH
8tuY7QuLQw1a9xj0a/TCVMXCMhN6QCgXjl8CVAgVaAUbH4PF7BdbhcOEIMEkpcM3
BqNfv8MYq2b5x3aycPOJnefQaOCoCzJNzJetTFQctihqyvEtVf 9zwZk=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=San Francisco/O=Fastly, Inc./CN=l.ssl.fastly.net
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - SHA256 - G2
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5498 bytes and written 287 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 377C82CDB6C487340CE0D0AA206796A9FCEF91D31E2EC5A763 B0DA8692EA87A5
Session-ID-ctx:
Master-Key: 25EDFB06F4D705F8DE641875FD9033ADA77CD01253790C837F CF5A3C03443C465F2994508876B4CB646D55F2CB829F4F
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 3e 11 30 39 71 06 64 97-19 33 ab 08 ca a9 55 98 >.09q.d..3....U.
0010 - 1b 5c 90 3b ce eb 9c a7-56 a9 92 12 e7 12 58 eb .\.;....V.....X.
0020 - 4a b7 99 70 f2 f7 d7 d6-9c b7 5c 96 a6 43 a3 16 J..p......\..C..
0030 - 5e ff 48 e6 70 db bb 11-ac 65 ef 0b bd 59 df a4 ^.H.p....e...Y..
0040 - 71 36 20 0f b5 9b 07 e8-6b 16 72 82 5b db e7 6d q6 .....k.r.[..m
0050 - 7b 21 2d d6 e1 7b 2a 0d-fc 78 a0 ee 5a 84 6a e0 {!-..{*..x..Z.j.
0060 - df cc 8d 7a 5d 51 05 7e-d7 ee b8 35 32 03 a1 3d ...z]Q.~...52..=
0070 - d7 6e b5 d2 63 d6 1f 5d-5a 3c 47 ac aa 2e 77 67 .n..c..]Z<G...wg
0080 - 19 7f a1 4b 9e d9 69 f0-b5 1a 99 dd 04 f0 a8 87 ...K..i.........
0090 - 4c 3e 87 e7 07 5f fa db-44 e2 32 c7 84 2c bd b3 L>..._..D.2..,..

Start Time: 1561410434
Timeout : 7200 (sec)
Verify return code: 0 (ok) <----OK!
Extended master secret: yes
---

I guess Ruby and the Certificates are ok.

Wow, how do you know all these commands? Very impressive.


PS: I have spec.4.8.gz is located in home/rgleason/specs.4.8.gz
also been downloaded in windoz too. Maybe we could use that? but that would leave the problem still there.


Is the problem related to firewall permissions? Some program permission that I have not entered?


Remember that I never got the Windows firewall questions..... you asked about?
--Where you said yes to everything?


http://www.cruisersforum.com/forums/...ml#post2915222
<Question: allow restarting of services during package upgrades without asking? Yes> <----I said yes to this.

<Windows firewall: for ruby 2.5 allow ruby to communicate ... tick all> <---I never saw this.

I do have ruby, ruby2 and wsl as "Allow" in Norton360 Settings>Firewall>Programs

[Canne]

Quote:

Originally Posted by rgleason

I guess Ruby and the Certificates are ok.

Yes.

Quote:

Originally Posted by rgleason

Wow, how do you know all these commands?

Like you know things in your profession, I am sure...

We know now that a) the installation's OpenSSL configuration is not the cause, b) that your Windows firewall is letting pass outbound traffic on port 443 (https://).

Quote:

Originally Posted by rgleason

PS: I have spec.4.8.gz is located in home/rgleason/specs.4.8.gz
also been downloaded in windoz too. Maybe we could use that?

I don't know. It is one big binary file, I am afraid that alone it is not doing much.

Quote:

Originally Posted by rgleason

Is the problem related to firewall permissions? Some program permission that I have not entered?

From the firewall point one process, ubuntu1804.exe was tested above: we have proved that it can communicate with an internet based server through 443 port (https://).

Quote:

Originally Posted by rgleason

<Windows firewall: for ruby 2.5 allow ruby to communicate ... tick all> <---I never saw this.

This is an interesting observation, indeed. It must be because you are using third party firewall (Norton).

I observe with task manager while executing the ruby SSL connectivity test: there is nothing but ubuntu1804.exe in the process list. Somehow ruby25 gets identified by my Windows Firewall as a program. Perhaps it is the WSL API who reveals the real talker behind the ubuntu1804.exe, like this, the screenshot I registered while I made the initial ruby installation:

By default, the aforementioned 443 port (https://) is open for all outgoing traffic. It will contact the server. But now, the server needs to call back, it is not clear through which port but TLS would suggest 443. However, in the Inbound Rules one has two rules, one for TCP and one for UDP with all ports activated (note the opencpn just above!):

What is noteworthy, and which confirms my reasoning above about the WSL API revealing the true identity of the programs it is running, is the incredibly complex path which leads to the executable of ruby2.5 in this case. This program is registered in firewall rules, not ubuntu1804.exe:

Code:

C:\users\petri\appdata\local\packages\canonicalgrouplimited.ubuntu18.04onwindows_79rhkp1fndgsc\localstate\rootfs\usr\bin\ruby2.5

In the above string, my name and the arbitrary strings will be different in your system.

Quote:

Originally Posted by rgleason

I do have ruby, ruby2 and wsl as "Allow" in Norton360 Settings>Firewall>Programs

I do not have but Windows Defender Firewall so it would be easier if you can operate with the same and disable Norton until the issue is resolved. But if you are more familiar with Norton, you can try to create the two rules (Inbound, UDP and TCP) after you have found where the ruby2.5 is actually sitting in your system.