Re: OpenSSL SSL_read: OpenSSL/3.5.7: error:0A000126:SSL
Date: Mon, 29 Jun 2026 20:25:53 UTC
I’ve twice run into a similar issue when pulling distfiles for Poudriere from release-assets.githubusercontent.com <http://release-assets.githubusercontent.com/>.
This is on 15.1-RELEASE FreeBSD 15.1-RELEASE releng/15.1-n283562-96841ea08dcf GENERIC amd64.
I did not have this issue before upgrading from 15.0.-RELEASE.
The Poudriere fetch log file is somewhat unclear about what has happened. However, I can reproduce the same behavior when I manually run both fetch and curl. For example:
# curl -vOL https://github.com/rockdaboot/libpsl/releases/download/0.22.0/libpsl-0.22.0.tar.lz
* Host github.com:443 was resolved.
* IPv6: (none)
* IPv4: 140.82.114.3
* Trying 140.82.114.3:443...
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [1556 bytes data]
* SSL Trust Anchors:
* CApath: /etc/ssl/certs
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2742 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [79 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / x25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
* subject: CN=github.com
* start date: May 5 00:00:00 2026 GMT
* expire date: Aug 2 23:59:59 2026 GMT
* issuer: C=GB; O=Sectigo Limited; CN=Sectigo Public Server Authentication CA DV E36
* Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA256
* Certificate level 1: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 2: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using ecdsa-with-SHA384
* subjectAltName: "github.com" matches cert's "github.com"
* OpenSSL verify result: 0
* SSL certificate verified via OpenSSL.
* Established connection to github.com (140.82.114.3 port 443) from 10.0.0.100 port 34151
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 0* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://github.com/rockdaboot/libpsl/releases/download/0.22.0/libpsl-0.22.0.tar.lz
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: github.com]
* [HTTP/2] [1] [:path: /rockdaboot/libpsl/releases/download/0.22.0/libpsl-0.22.0.tar.lz]
* [HTTP/2] [1] [user-agent: curl/8.20.0]
* [HTTP/2] [1] [accept: */*]
} [5 bytes data]
> GET /rockdaboot/libpsl/releases/download/0.22.0/libpsl-0.22.0.tar.lz HTTP/2
> Host: github.com
> User-Agent: curl/8.20.0
> Accept: */*
>
* Request completely sent off
} [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
< HTTP/2 302
< date: Sun, 28 Jun 2026 18:37:08 GMT
< content-type: text/html; charset=utf-8
< vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With, Sec-Fetch-Site,Accept-Encoding, Accept, X-Requested-With
< location: https://release-assets.githubusercontent.com/github-production-release-asset/17948072/c37c8671-3ff7-469e-9c4f-94d1f93f2ac0?sp=r&sv=2018-11-09&sr=b&spr=https&se=2026-06-28T19%3A21%3A47Z&rscd=attachment%3B+filename%3Dlibpsl-0.22.0.tar.lz&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2026-06-28T18%3A21%3A33Z&ske=2026-06-28T19%3A21%3A47Z&sks=b&skv=2018-11-09&sig=Qc0NLbBh7zJ750IGh3I7zCLHYg%2FwSNm16LLwzPw6CYs%3D&jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc4MjY3MjEyOCwibmJmIjoxNzgyNjcxODI4LCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.9Xue5joortjMP6-4Cz-LMlGK89IDRUN7tiLP3Q5z0AI&response-content-disposition=attachment%3B%20filename%3Dlibpsl-0.22.0.tar.lz&response-content-type=application%2Foctet-stream
< cache-control: no-cache
< strict-transport-security: max-age=31536000; includeSubdomains; preload
< x-frame-options: deny
< x-content-type-options: nosniff
< x-xss-protection: 0
< referrer-policy: no-referrer-when-downgrade
{ [5 bytes data]
< content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com github.githubassets.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net productionresultssa1.blob.core.windows.net productionresultssa2.blob.core.windows.net productionresultssa3.blob.core.windows.net productionresultssa4.blob.core.windows.net productionresultssa5.blob.core.windows.net productionresultssa6.blob.core.windows.net productionresultssa7.blob.core.windows.net productionresultssa8.blob.core.windows.net productionresultssa9.blob.core.windows.net productionresultssa10.blob.core.windows.net productionresultssa11.blob.core.windows.net productionresultssa12.blob.core.windows.net productionresultssa13.blob.core.windows.net productionresultssa14.blob.core.windows.net productionresultssa15.blob.core.windows.net productionresultssa16.blob.core.windows.net productionresultssa17.blob.core.windows.net productionresultssa18.blob.core.windows.net productionresultssa19.blob.core.windows.net github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com wss://production-copilot-host.webpubsub.azure.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com user-images.githubusercontent.com private-user-images.githubusercontent.com opengraph.githubassets.com marketplace-screenshots.githubusercontent.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com explore-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com secured-user-images.githubusercontent.com private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
< server: github.com
< content-length: 0
< x-github-request-id: 8567:11DC4F:20C46C7:2C7F24F:6A4169D4
* Ignoring the response-body
* setting size while ignoring
<
0 0 0 0 0 0 0 0 0
* Connection #0 to host github.com:443 left intact
* Issue another request to this URL: 'https://release-assets.githubusercontent.com/github-production-release-asset/17948072/c37c8671-3ff7-469e-9c4f-94d1f93f2ac0?sp=r&sv=2018-11-09&sr=b&spr=https&se=2026-06-28T19%3A21%3A47Z&rscd=attachment%3B+filename%3Dlibpsl-0.22.0.tar.lz&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2026-06-28T18%3A21%3A33Z&ske=2026-06-28T19%3A21%3A47Z&sks=b&skv=2018-11-09&sig=Qc0NLbBh7zJ750IGh3I7zCLHYg%2FwSNm16LLwzPw6CYs%3D&jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc4MjY3MjEyOCwibmJmIjoxNzgyNjcxODI4LCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.9Xue5joortjMP6-4Cz-LMlGK89IDRUN7tiLP3Q5z0AI&response-content-disposition=attachment%3B%20filename%3Dlibpsl-0.22.0.tar.lz&response-content-type=application%2Foctet-stream'
* Host release-assets.githubusercontent.com:443 was resolved.
* IPv6: (none)
* IPv4: 185.199.108.133, 185.199.109.133, 185.199.110.133, 185.199.111.133
* Trying 185.199.108.133:443...
* Trying 185.199.109.133:443...
* Trying 185.199.110.133:443...
* Trying 185.199.111.133:443...
At this point the download hangs. In both cases, I used my Mac to download the files and scp them over to the Poudriere machine, and the build then proceeds normally.
Marius
--
Marius Schamschula
> On Jun 28, 2026, at 11:43 PM, A FreeBSD User <freebsd@walstatt-de.de> wrote:
>
> Hello,
>
> while updating sources and ports tree via git, many times these days I somehow hit a timeout /
> which terminates sometimes poudriere.
>
> Hosts involved: recent CURRENT since a couple of months.
>
> [...]
> [00:00:00] Updating portstree "head" with git+https...fatal: unable to access
> 'https://git.freebsd.org/ports.git/': OpenSSL SSL_read: OpenSSL/3.5.7: error:0A000126:SSL
> routines::unexpected eof while reading, errno 0
>
> What is going wrong here and how can I mitigate/repair this issue?
>
> Thanks in adavnce,
>
> oh
>
> --
>
> A FreeBSD user