Closed Bug 1573324 Opened 6 years ago Closed 6 years ago

Toolchain bustage with SSL peer certificate or SSH remote key was not OK (SSL certificate problem: certificate has expired)

Categories

(Firefox Build System :: Toolchains, defect)

Product:
Firefox Build System
Component:
Toolchains
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: cbrindusan, Unassigned)

Details

TH job: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=pending%2Crunning%2Csuccess%2Ctestfailed%2Cbusted%2Cexception&revision=aca32125501cce7d03b76c12ee4e86c25503b7ec&selectedJob=261205695
Log: https://treeherder.mozilla.org/logviewer.html#?job_id=261225342&repo=autoland

[task 2019-08-12T23:29:21.290Z] error: failed to sync
[task 2019-08-12T23:29:21.290Z]
[task 2019-08-12T23:29:21.290Z] Caused by:
[task 2019-08-12T23:29:21.290Z] failed to download from https://crates.io/api/v1/crates/rand_core/0.3.1/download
[task 2019-08-12T23:29:21.290Z]
[task 2019-08-12T23:29:21.290Z] Caused by:
[task 2019-08-12T23:29:21.290Z] [60] SSL peer certificate or SSH remote key was not OK (SSL certificate problem: certificate has expired)
[fetches 2019-08-12T23:29:21.293Z] removing /builds/worker/workspace/build
[fetches 2019-08-12T23:29:29.678Z] finished
[taskcluster 2019-08-12 23:29:33.361Z] === Task Finished ===
[taskcluster 2019-08-12 23:29:33.470Z] Artifact "public/build" not found at "/builds/worker/artifacts/"
[taskcluster 2019-08-12 23:29:33.819Z] Unsuccessful task run with exit code: 101 completed in 402.085 seconds

There's at least one server somewhere that returns an expired certificate. I have a network capture that shows 35.173.6.94 replying with a certificate that expired on 2019-08-03. I was also able to reproduce by hammering that address with:

while true; do openssl s_client -showcerts -servername crates.io -connect 35.173.6.94:443 < /dev/null 2>/dev
/null | openssl x509 -text | grep "Not After" 2>/dev/null; don

Within a large number of Not After : Oct 3 00:19:02 2019 GMT you can see, sometimes, a Not After : Aug 3 23:45:51 2019 GMT.

Flags: needinfo?(acrichton)

Thanks for the cc, unfortunately I don't think we know what's causing this but we can confirm we're seeing it in rust-lang/rust CI and throughout the CI of the ecosystem as well. There's a Rust tracking issue for this at https://github.com/rust-lang/rust/issues/63510

Flags: needinfo?(acrichton)

Hi there, I'm the lead of the crates.io team. We rotated our certificate and opened some support tickets around this. As best I can tell, after rotating the certificate this issue is no longer occurring. If that is not the case, please let me know.

Flags: needinfo?(cbrindusan)

Thank you for the info. All failures from 2019-08-12: https://treeherder.mozilla.org/intermittent-failures.html#/bugdetails?bug=1573324&startday=2019-08-01&endday=2019-08-15&tree=all

Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(cbrindusan)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.