Possibly broken mirror

Henri Menke henri at henrimenke.de
Thu Dec 10 10:25:37 CET 2020 

On Thu, 2020-12-10 at 09:43 +0100, Herbert Voss wrote:
> 
> Am 10.12.20 um 09:35 schrieb Henri Menke via tex-live:
> > recently I've been experiencing intermittent failures of TeX Live
> > updates.  It's
> > always the same mirror causing it:
> > 
> > tlmgr: TLPDB::from_file could not initialize from: 
> > https://ftp.rrzn.uni-hannover.de/pub/mirror/tex-archive/systems/texlive/tlnet/tlpkg/texlive.tlpdb
> > tlmgr: Maybe the repository setting should be changed.
> > tlmgr: More info: https://tug.org/texlive/acquire.html
> 
> no problem here with for example:

Interesting. For me this fails reproducibly. Also I get

   $ tlmgr update --self --all --repository=https://ftp.rrzn.uni-hannover.de/pub/mirror/tex-archive/systems/texlive/tlnet
   /opt/texlive/current/bin/x86_64-linux/tlmgr: TLPDB::from_file could not initialize from: https://ftp.rrzn.uni-hannover.de/pub/mirror/tex-archive/systems/texlive/tlnet/tlpkg/texlive.tlpdb
/opt/texlive/current/bin/x86_64-linux/tlmgr: Maybe the repository setting should be changed.
/opt/texlive/current/bin/x86_64-linux/tlmgr: More info: https://tug.org/texlive/acquire.html
$ curl https://ftp.rrzn.uni-hannover.de/pub/mirror/tex-archive/systems/texlive/tlnet
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
$ openssl s_client -showcerts -connect ftp.rrzn.uni-hannover.de:443
CONNECTED(00000003)
depth=0 C = DE, ST = Niedersachsen, L = Hannover, O = Leibniz Universitaet Hannover, OU = LUIS, CN = ftp.uni-hannover.de
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = DE, ST = Niedersachsen, L = Hannover, O = Leibniz Universitaet Hannover, OU = LUIS, CN = ftp.uni-hannover.de
verify error:num=21:unable to verify the first certificate
verify return:1
   [...]

   So it looks like their SSL configuration is completely broken, which is also
   confirmed by SSL Labs:

   https://www.ssllabs.com/ssltest/analyze.html?d=ftp.rrzn.uni-hannover.de

   Since it works for you I guess Apple puts the intermediate certificates

   DFN-Verein Global Issuing CA
   DFN-Verein Certification Authority 2

   into the system trust store.

   Cheers, Henri

   > 
> iMac:~ voss$ tlmgr install --reinstall 
> --repository=
> https://ftp.rrzn.uni-hannover.de/pub/mirror/tex-archive/systems/texlive/tlnet 
> xetex
> tlmgr: package repository 
> https://ftp.rrzn.uni-hannover.de/pub/mirror/tex-archive/systems/texlive/tlnet 
> (not verified: gpg unavailable)
> [1/26, ??:??/??:??] reinstall: atbegshi [409k]
> [2/26, 00:01/02:59] reinstall: atveryend [380k]
> [...]
> 
> 
> Herbert
>

More information about the tex-live mailing list.