wget hung at "Initiating handshake"; version upgrade made things worse

James E Keenan jkeenan at pobox.com
Sun Jan 10 15:41:59 UTC 2021 

This is a two-stage problem, i.e., a case where what I did to correct a 
problem in Stage 1 only got me into a worse problem in Stage 2.

Stage 1

On FreeBSD-11, using wget 1.19.5, I was attempting to download a tarball 
in a way I have done dozens of times previously.  (I'll show debug and 
verbose output.)

#####
$ wget -dv https://www.cpan.org/src/5.0/perl-5.32.1-RC1.tar.gz
Setting --verbose (verbose) to 1
Setting --verbose (verbose) to 1
DEBUG output created by Wget 1.19.5 on freebsd11.1.

Reading HSTS entries from /home/jkeenan/.wget-hsts
URI encoding = 'US-ASCII'
converted 'https://www.cpan.org/src/5.0/perl-5.32.1-RC1.tar.gz' 
(US-ASCII) -> 'https://www.cpan.org/src/5.0/perl-5.32.1-RC1.tar.gz' (UTF-8)
Converted file name 'perl-5.32.1-RC1.tar.gz' (UTF-8) -> 
'perl-5.32.1-RC1.tar.gz' (US-ASCII)
--2021-01-10 14:56:49--  https://www.cpan.org/src/5.0/perl-5.32.1-RC1.tar.gz
Resolving www.cpan.org (www.cpan.org)... 151.101.2.132, 151.101.66.132, 
151.101.130.132, ...
Caching www.cpan.org => 151.101.2.132 151.101.66.132 151.101.130.132 
151.101.194.132 2a04:4e42::644 2a04:4e42:200::644 2a04:4e42:400::644 
2a04:4e42:600::644
Connecting to www.cpan.org (www.cpan.org)|151.101.2.132|:443... connected.
Created socket 3.
Releasing 0x0000000802371680 (new refcount 1).
Initiating SSL handshake.

#####

At this point wget hung indefinitely.  In contrast (a) wget was able to 
download a different tarball from an http site; (b) wget successfully 
loaded the same (perl release candidate) tarball on Linux.  Picking up 
from `Initiating SSL handshake.`, on Linux I got output like this:

#####
...
Initiating SSL handshake.
Handshake successful; connected socket 3 to SSL handle 0x0000555575f73080
certificate:
   subject: CN=*.cpan.org
   issuer:  CN=R3,O=Let's Encrypt,C=US
X509 certificate successfully verified and matches host www.cpan.org

---request begin---
GET /src/5.0/perl-5.32.1-RC1.tar.gz HTTP/1.1
User-Agent: Wget/1.20.3 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: www.cpan.org
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 18040350
Server: Apache/2.4.41 (Unix)
Last-Modified: Sat, 09 Jan 2021 16:48:26 GMT
ETag: "113461e-5b87a7110ca80"
Cache-Control: public, max-age=172800, stale-while-revalidate=90, 
stale-if-error=172800
Content-Type: application/x-gzip
Via: 1.1 varnish, 1.1 varnish
Strict-Transport-Security: max-age=15724800;
Accept-Ranges: bytes
Age: 43433
Date: Sun, 10 Jan 2021 15:08:43 GMT
X-Served-By: cache-fra19165-FRA, cache-ewr18172-EWR
X-Cache: HIT, HIT
X-Cache-Hits: 0, 0
X-Timer: S1610291324.941590,VS0,VE1

---response end---
200 OK
Registered socket 3 for persistent reuse.
Parsed Strict-Transport-Security max-age = 15724800, includeSubDomains = 
false
Updated HSTS host: www.cpan.org:443 (max-age: 15724800, 
includeSubdomains: false)
Length: 18040350 (17M) [application/x-gzip]
Saving to: ‘perl-5.32.1-RC1.tar.gz.1’

perl-5.32.1-RC1.tar.gz.1 100%[==================================>] 
17.20M  5.95MB/s    in 2.9s

2021-01-10 10:08:46 (5.95 MB/s) - ‘perl-5.32.1-RC1.tar.gz.1’ saved 
[18040350/18040350]

Saving HSTS entries to /home/jkeenan/.wget-hsts
#####

So in Stage 1, the problem was that on FreeBSD-11, wget failed to 
complete the handshake in a usage I had accomplished many times previously.

Stage 2

I noted that the version of wget I was using on FreeBSD-11 was behind 
that which I was using on Linux.  So I attempted to upgrade wget. 
Upshot:  now my wget is unusable.

#####
$ sudo pkg install wget
Updating FreeBSD repository catalogue...
Fetching meta.txz: 100%    916 B   0.9kB/s    00:01
Fetching packagesite.txz: 100%    6 MiB   6.0MB/s    00:01
Processing entries:   0%
Newer FreeBSD version for package py37-mysqlclient:
To ignore this error set IGNORE_OSVERSION=yes
- package: 1104001
- running kernel: 1102503
Ignore the mismatch and continue? [y/N]: y
Processing entries: 100%
FreeBSD repository update completed. 28863 packages processed.
All repositories are up to date.
New version of pkg detected; it needs to be installed first.
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
	pkg: 1.15.4 -> 1.16.1

Number of packages to be upgraded: 1

4 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/1] Fetching pkg-1.16.1.txz: 100%    4 MiB   3.7MB/s    00:01
Checking integrity... done (0 conflicting)
[1/1] Upgrading pkg from 1.15.4 to 1.16.1...
[1/1] Extracting pkg-1.16.1: 100%
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
	wget: 1.19.5 -> 1.20.3_1

Number of packages to be upgraded: 1

650 KiB to be downloaded.

Proceed with this action? [y/N]: y
[1/1] Fetching wget-1.20.3_1.txz: 100%  650 KiB 666.1kB/s    00:01
Checking integrity... done (0 conflicting)
[1/1] Upgrading wget from 1.19.5 to 1.20.3_1...
[1/1] Extracting wget-1.20.3_1: 100%

$ wget -dv https://www.cpan.org/src/5.0/perl-5.32.1-RC1.tar.gz
/lib/libc.so.7: version FBSD_1.6 required by /usr/local/bin/wget not found
#####

So my upgrade to wget-1.20 on FreeBSD-11 was not successful.  I can't 
even use it on non-https sites.

I do have /lib/libc.so.7:

#####
$ ls -l /lib/libc.so.7
-r--r--r--  1 root  wheel  1760360 Oct 20  2018 /lib/libc.so.7
#####

But wget is not happy with that.

Does anyone have suggestions as to either (a) what was going wrong in 
Stage 1; or (b) how I can get myself out of the rabbit hole in Stage 2?

Thank you very much.
Jim Keenan

More information about the freebsd-questions mailing list