Tuesday, March 21, 2023

SSL CA Problem on CentOS7 Docker and Solution

When I’m playing with CentOS7 docker image on MacBookPro M1, it looks like it doesn’t connect to the servers which require HTTPS connection.

For example, when I run yum -y update the command it returns curl: (77) Problem with the SSL CA cert (path? access rights?). Hmm, it looks like an OS Bug because my ca-certificates are okay.

I tried to send a GET command via curl and it looks like doesn’t work.

$ curl -vvv https://google.com
* About to connect () to google.com port 443  ( # 0) 
* Trying ...
* Connected to github.com ( port 443 (#0)
* Initializing NSS with certpath: sql: / etc / pki / nssdb
* Closing connection 0 curl: ( 77 ) Problem with the SSL CA cert ( path? Access rights? )

wget also doesn’t work with HTTPS connections and I do some research online and I see it’s a real bug. Here is the details; https://bugs.centos.org/view.php?id=16282

The Solution

$ touch "/etc/sysconfig/64bit_strstr_via_64bit_strstr_sse2_unaligned"

Yes, that’s it. We just need this file to run TCP connections securely. Here is the results after the solution.

$ curl -I https://google.com
HTTP/2 301
location: https://www.google.com/
content-type: text/html; charset=UTF-8
date: Tue, 08 Mar 2022 08:16:51 GMT
expires: Tue, 08 Mar 2022 08:16:51 GMT
cache-control: private, max-age=2592000
server: gws
content-length: 220
x-xss-protection: 0
x-frame-options: SAMEORIGIN
set-cookie: CONSENT=PENDING+370; expires=Thu, 07-Mar-2024 08:16:51 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

It is also a mystery that it is reproduced only on the M1 machine so far. But for the time being, I was able to identify the cause, and it’s okay to reach the goal, right?

Leave a Reply

Your email address will not be published. Required fields are marked *