はじめに
awscliv2 をインストールしようとした際に SSL connect error が発生したのでその対応について書きました。
まとめ
エラー内容
curl: (35) SSL connect error
原因
SSL接続に利用するライブラリが古いため。
対応
nssのバージョンアップ。
作業ログ
エラー発生からその対応と今回行おうとしていた awscliv2 インストールまでのログです。
まずは awscliv2 をダウンロードします。
curl (エラー)
$ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (35) SSL connect error
エラーが発生したので nss の update を実施します。
念の為に curl も update しておきます。
update (curl, nss)
$ sudo yum update curl nss
Loaded plugins: security
http://ftp.riken.jp/Linux/dag/redhat/el6/en/x86_64/dag/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Trying other mirror.
rightscale-epel | 2.9 kB 00:00
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package curl.x86_64 0:7.19.7-40.el6_6.4 will be updated
---> Package curl.x86_64 0:7.19.7-54.el6_10 will be an update
--> Processing Dependency: libcurl = 7.19.7-54.el6_10 for package: curl-7.19.7-54.el6_10.x86_64
---> Package nss.x86_64 0:3.16.1-7.el6_5 will be updated
--> Processing Dependency: nss = 3.16.1-7.el6_5 for package: nss-sysinit-3.16.1-7.el6_5.x86_64
--> Processing Dependency: nss(x86-64) = 3.16.1-7.el6_5 for package: nss-tools-3.16.1-7.el6_5.x86_64
---> Package nss.x86_64 0:3.44.0-7.el6_10 will be an update
--> Processing Dependency: nss-util >= 3.44.0 for package: nss-3.44.0-7.el6_10.x86_64
--> Processing Dependency: nss-softokn(x86-64) >= 3.44.0-1 for package: nss-3.44.0-7.el6_10.x86_64
--> Processing Dependency: nspr >= 4.21.0 for package: nss-3.44.0-7.el6_10.x86_64
--> Processing Dependency: libnssutil3.so(NSSUTIL_3.39)(64bit) for package: nss-3.44.0-7.el6_10.x86_64
--> Processing Dependency: libnssutil3.so(NSSUTIL_3.38)(64bit) for package: nss-3.44.0-7.el6_10.x86_64
--> Processing Dependency: libnssutil3.so(NSSUTIL_3.33)(64bit) for package: nss-3.44.0-7.el6_10.x86_64
--> Processing Dependency: libnssutil3.so(NSSUTIL_3.31)(64bit) for package: nss-3.44.0-7.el6_10.x86_64
--> Processing Dependency: libnssutil3.so(NSSUTIL_3.24)(64bit) for package: nss-3.44.0-7.el6_10.x86_64
--> Processing Dependency: libnssutil3.so(NSSUTIL_3.21)(64bit) for package: nss-3.44.0-7.el6_10.x86_64
--> Running transaction check
---> Package libcurl.x86_64 0:7.19.7-40.el6_6.4 will be updated
--> Processing Dependency: libcurl = 7.19.7-40.el6_6.4 for package: libcurl-devel-7.19.7-40.el6_6.4.x86_64
---> Package libcurl.x86_64 0:7.19.7-54.el6_10 will be an update
---> Package nspr.x86_64 0:4.10.6-1.el6_5 will be updated
---> Package nspr.x86_64 0:4.21.0-1.el6_10 will be an update
---> Package nss-softokn.x86_64 0:3.14.3-12.el6_5 will be updated
---> Package nss-softokn.x86_64 0:3.44.0-6.el6_10 will be an update
--> Processing Dependency: nss-softokn-freebl(x86-64) >= 3.44.0-6.el6_10 for package: nss-softokn-3.44.0-6.el6_10.x86_64
---> Package nss-sysinit.x86_64 0:3.16.1-7.el6_5 will be updated
---> Package nss-sysinit.x86_64 0:3.44.0-7.el6_10 will be an update
---> Package nss-tools.x86_64 0:3.16.1-7.el6_5 will be updated
---> Package nss-tools.x86_64 0:3.44.0-7.el6_10 will be an update
---> Package nss-util.x86_64 0:3.16.1-2.el6_5 will be updated
---> Package nss-util.x86_64 0:3.44.0-1.el6_10 will be an update
--> Running transaction check
---> Package libcurl-devel.x86_64 0:7.19.7-40.el6_6.4 will be updated
---> Package libcurl-devel.x86_64 0:7.19.7-54.el6_10 will be an update
---> Package nss-softokn-freebl.x86_64 0:3.14.3-12.el6_5 will be updated
---> Package nss-softokn-freebl.x86_64 0:3.44.0-6.el6_10 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
=======================================================================================================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================================================================================================
Updating:
curl x86_64 7.19.7-54.el6_10 updates 198 k
nss x86_64 3.44.0-7.el6_10 updates 883 k
Updating for dependencies:
libcurl x86_64 7.19.7-54.el6_10 updates 170 k
libcurl-devel x86_64 7.19.7-54.el6_10 updates 247 k
nspr x86_64 4.21.0-1.el6_10 updates 114 k
nss-softokn x86_64 3.44.0-6.el6_10 updates 288 k
nss-softokn-freebl x86_64 3.44.0-6.el6_10 updates 202 k
nss-sysinit x86_64 3.44.0-7.el6_10 updates 54 k
nss-tools x86_64 3.44.0-7.el6_10 updates 472 k
nss-util x86_64 3.44.0-1.el6_10 updates 73 k
Transaction Summary
=======================================================================================================================================================================================================
Upgrade 10 Package(s)
Total download size: 2.6 M
Is this ok [y/N]: y
Downloading Packages:
(1/10): curl-7.19.7-54.el6_10.x86_64.rpm | 198 kB 00:00
(2/10): libcurl-7.19.7-54.el6_10.x86_64.rpm | 170 kB 00:00
(3/10): libcurl-devel-7.19.7-54.el6_10.x86_64.rpm | 247 kB 00:00
(4/10): nspr-4.21.0-1.el6_10.x86_64.rpm | 114 kB 00:00
(5/10): nss-3.44.0-7.el6_10.x86_64.rpm | 883 kB 00:00
(6/10): nss-softokn-3.44.0-6.el6_10.x86_64.rpm | 288 kB 00:00
(7/10): nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm | 202 kB 00:00
(8/10): nss-sysinit-3.44.0-7.el6_10.x86_64.rpm | 54 kB 00:00
(9/10): nss-tools-3.44.0-7.el6_10.x86_64.rpm | 472 kB 00:00
(10/10): nss-util-3.44.0-1.el6_10.x86_64.rpm | 73 kB 00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 969 kB/s | 2.6 MB 00:02
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
Updating : nspr-4.21.0-1.el6_10.x86_64 1/20
Updating : nss-util-3.44.0-1.el6_10.x86_64 2/20
Updating : nss-softokn-freebl-3.44.0-6.el6_10.x86_64 3/20
Updating : nss-softokn-3.44.0-6.el6_10.x86_64 4/20
Updating : nss-sysinit-3.44.0-7.el6_10.x86_64 5/20
Updating : nss-3.44.0-7.el6_10.x86_64 6/20
Updating : libcurl-7.19.7-54.el6_10.x86_64 7/20
Updating : libcurl-devel-7.19.7-54.el6_10.x86_64 8/20
Updating : curl-7.19.7-54.el6_10.x86_64 9/20
Updating : nss-tools-3.44.0-7.el6_10.x86_64 10/20
Cleanup : libcurl-devel-7.19.7-40.el6_6.4.x86_64 11/20
Cleanup : nss-tools-3.16.1-7.el6_5.x86_64 12/20
Cleanup : curl-7.19.7-40.el6_6.4.x86_64 13/20
Cleanup : libcurl-7.19.7-40.el6_6.4.x86_64 14/20
Cleanup : nss-sysinit-3.16.1-7.el6_5.x86_64 15/20
Cleanup : nss-3.16.1-7.el6_5.x86_64 16/20
Cleanup : nss-softokn-3.14.3-12.el6_5.x86_64 17/20
Cleanup : nss-util-3.16.1-2.el6_5.x86_64 18/20
Cleanup : nspr-4.10.6-1.el6_5.x86_64 19/20
Cleanup : nss-softokn-freebl-3.14.3-12.el6_5.x86_64 20/20
Verifying : libcurl-7.19.7-54.el6_10.x86_64 1/20
Verifying : libcurl-devel-7.19.7-54.el6_10.x86_64 2/20
Verifying : curl-7.19.7-54.el6_10.x86_64 3/20
Verifying : nss-softokn-freebl-3.44.0-6.el6_10.x86_64 4/20
Verifying : nss-tools-3.44.0-7.el6_10.x86_64 5/20
Verifying : nss-softokn-3.44.0-6.el6_10.x86_64 6/20
Verifying : nspr-4.21.0-1.el6_10.x86_64 7/20
Verifying : nss-sysinit-3.44.0-7.el6_10.x86_64 8/20
Verifying : nss-util-3.44.0-1.el6_10.x86_64 9/20
Verifying : nss-3.44.0-7.el6_10.x86_64
Verifying : nss-util-3.16.1-2.el6_5.x86_64 11/20
Verifying : nss-softokn-freebl-3.14.3-12.el6_5.x86_64 12/20
Verifying : nspr-4.10.6-1.el6_5.x86_64 13/20
Verifying : nss-3.16.1-7.el6_5.x86_64 14/20
Verifying : libcurl-7.19.7-40.el6_6.4.x86_64 15/20
Verifying : nss-sysinit-3.16.1-7.el6_5.x86_64 16/20
Verifying : curl-7.19.7-40.el6_6.4.x86_64 17/20
Verifying : nss-tools-3.16.1-7.el6_5.x86_64 18/20
Verifying : nss-softokn-3.14.3-12.el6_5.x86_64 19/20
Verifying : libcurl-devel-7.19.7-40.el6_6.4.x86_64 20/20
Updated:
curl.x86_64 0:7.19.7-54.el6_10 nss.x86_64 0:3.44.0-7.el6_10
Dependency Updated:
libcurl.x86_64 0:7.19.7-54.el6_10 libcurl-devel.x86_64 0:7.19.7-54.el6_10 nspr.x86_64 0:4.21.0-1.el6_10 nss-softokn.x86_64 0:3.44.0-6.el6_10 nss-softokn-freebl.x86_64 0:3.44.0-6.el6_10
nss-sysinit.x86_64 0:3.44.0-7.el6_10 nss-tools.x86_64 0:3.44.0-7.el6_10 nss-util.x86_64 0:3.44.0-1.el6_10
Complete!
インストールに unzip コマンドが必要なので install しておきます。
install (unzip)
$ sudo yum install unzip
Loaded plugins: security
http://ftp.riken.jp/Linux/dag/redhat/el6/en/x86_64/dag/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Trying other mirror.
rightscale-epel | 2.9 kB 00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package unzip.x86_64 0:6.0-1.el6 will be updated
---> Package unzip.x86_64 0:6.0-5.el6 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
=======================================================================================================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================================================================================================
Updating:
unzip x86_64 6.0-5.el6 base 152 k
Transaction Summary
=======================================================================================================================================================================================================
Upgrade 1 Package(s)
Total download size: 152 k
Is this ok [y/N]: y
Downloading Packages:
unzip-6.0-5.el6.x86_64.rpm | 152 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : unzip-6.0-5.el6.x86_64 1/2
Cleanup : unzip-6.0-1.el6.x86_64 2/2
Verifying : unzip-6.0-5.el6.x86_64 1/2
Verifying : unzip-6.0-1.el6.x86_64 2/2
Updated:
unzip.x86_64 0:6.0-5.el6
Complete!
再度インストールを試みます。
curl (awscliv2)
$ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 57.4M 100 57.4M 0 0 29.4M 0 0:00:01 0:00:01 --:--:-- 30.6M
今回はエラーが発生せずに無事にダウンロードできました。
unzip
$ unzip awscliv2.zip
Archive: awscliv2.zip
creating: aws/
creating: aws/dist/
inflating: aws/README.md
inflating: aws/install
inflating: aws/THIRD_PARTY_LICENSES
creating: aws/dist/awscli/
creating: aws/dist/cryptography/
creating: aws/dist/docutils/
creating: aws/dist/lib-dynload/
inflating: aws/dist/aws
inflating: aws/dist/aws_completer
inflating: aws/dist/libpython3.11.so.1.0
inflating: aws/dist/_awscrt.abi3.so
inflating: aws/dist/_cffi_backend.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/_ruamel_yaml.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/libz.so.1
inflating: aws/dist/liblzma.so.0
inflating: aws/dist/libbz2.so.1
inflating: aws/dist/libffi.so.5
inflating: aws/dist/libsqlite3.so.0
inflating: aws/dist/base_library.zip
inflating: aws/dist/lib-dynload/_pickle.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_hashlib.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_sha3.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_blake2.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_sha256.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_md5.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_sha1.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_sha512.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_random.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_bisect.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_csv.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/binascii.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/grp.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/resource.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_lzma.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_bz2.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/pyexpat.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_ssl.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_contextvars.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_decimal.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_datetime.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_multiprocessing.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/array.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_socket.cpython-311-x86_64-linux-gnu.so
inflating: aws/dist/lib-dynload/_posixshmem.cpython-311-x86_64-linux-gnu.so
awscliv2インストール
$ sudo ./aws/install
You can now run: /usr/local/bin/aws --version
バージョン確認
$ /usr/local/bin/aws --version
aws-cli/2.15.28 Python/3.11.8 Linux/2.6.32-431.29.2.el6.centos.plus.x86_64 exe/x86_64.centos.6 prompt/off
無事にインストールが完了しました。
おわりに
今回は awscliv2 のインストールを行う際に発生しましたが、エラー内容自体はSSL接続の問題なので他の場面でも発生する可能性があります。
今回を機に覚えておこうと思います。