I obtain this SSL3_GET_RECORD error from time to time but many times it makes impossible build a yocto recipe when it is necessary an external binary downloaded from www.nxp.com server:
This is the error from bitbake console:
HOME="/home/builder"; /usr/bin/env wget -t 2 -T 30 --passive-ftp --no-check-certificate 'https://www.nxp.com/lgfiles/NMG/MAD/YOCTO//imx-dpu-g2d-1.7.0.bin' --progress=dot -v failed with exit code 4, output:
--2019-07-24 07:52:35-- https://www.nxp.com/lgfiles/NMG/MAD/YOCTO//imx-dpu-g2d-1.7.0.bin
Resolving www.nxp.com (www.nxp.com)... 104.109.74.227 Connecting to www.nxp.com (www.nxp.com)|104.109.74.227|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2128718 (2.0M) [application/octet-stream] Saving to: ‘<http://buildserver:8080/job/thud/ws/projects/downloads/imx-dpu-g2d-1.7.0.bin%E2%80%99>
0K .......... .......... .......... .......... .......... 2% 701K 3s
50K .......... .......... .......... .......... .......... 4% 929K 2s
100K .......... .......... .......... .......... .......... 7% 4.40M 2s
150K .......... .......... .......... .......... .......... 9% 1.28M 2s
200K .......... .......... .......... .......... .......... 12% 4.21M 1s
250K .......... .......... .......... .......... .......... 14% 6.42M 1s
300K .......... .......... .......... .......... .......... 16% 1.74M 1s
350K .......... .......... .......... .......... .......... 19% 8.81M 1s
400K .......... .......... .......... .......... .......... 21% 6.87M 1s
450K .......... .......... .......... .......... .......... 24% 11.0M 1s
500K .......... .......... .......... .......... .......... 26% 8.68M 1s
550K .......... .......... .......... .......... .......... 28% 10.0M 1s
600K .......... .......... .......... .......... .......... 31% 14.1M 1s
650K .......... .......... .......... .......... .......... 33% 2.52M 1s
700K .......... .......... .......... .......... .......... 36% 9.41M 0s
750K .......... .......... .......... .......... .......... 38% 9.95M 0s
800K .......... .......... .......... .......... .......... 40% 10.1M 0s
850K .......... .......... .......... .......... .......... 43% 14.1M 0s
900K .......... .......... .......... .......... .......... 45% 9.56M 0s
950K .......... .......... .......... .......... .......... 48% 12.3M 0s
1000K .......... .......... .......... .......... .......... 50% 10.5M 0s
1050K .......... .......... .......... .... 52% 2.91M=0.3s
2019-07-24 07:52:36 (3.35 MB/s) - Read error at byte 1110814/2128718 (error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac). Retrying.
--2019-07-24 07:52:37-- (try: 2) https://www.nxp.com/lgfiles/NMG/MAD/YOCTO//imx-dpu-g2d-1.7.0.bin
Connecting to www.nxp.com (www.nxp.com)|104.109.74.227|:443... connected.
HTTP request sent, awaiting response... 206 Partial Content
Length: 2128718 (2.0M), 1017904 (994K) remaining [application/octet-stream] Saving to: ‘<http://buildserver:8080/job/thud/ws/projects/downloads/imx-dpu-g2d-1.7.0.bin%E2%80%99>
[ skipping 1050K ]
1050K ,,,,,,,,,, ,,,,,,,,,, ,,,,,,,,,, ,,,,...... .......... 52% 31.2M 0s
1100K .......... .......... .......... .......... .......... 55% 548K 1s
1150K .......... .......... .......... .......... .......... 57% 2.97M 1s
1200K .......... .......... .......... .......... .......... 60% 1.71M 1s
1250K . 60% 3245G=0.1s
2019-07-24 07:52:38 (1.18 MB/s) - Read error at byte 1281742/2128718 (error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac). Giving up.
ERROR: imx-dpu-g2d-1.7.0-r0 do_fetch: Fetcher failure for URL: 'https://www.nxp.com/lgfiles/NMG/MAD/YOCTO//imx-dpu-g2d-1.7.0.bin;fsl-eula=true'. Unable to fetch URL from any source.
ERROR: imx-dpu-g2d-1.7.0-r0 do_fetch: Function failed: base_do_fetch
NOTE: recipe imx-dpu-g2d-1.7.0-r0: task do_fetch: Failed
After debugging the issue, and building the same recipe from different regions, if the resolved IP for the host www.nxp.com is 104.109.74.227, the wget command fails with the SSL error:
Read error at byte 1110814/2128718 (error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac). Retrying.
but if I modify my /etc/hosts to resolve www.nxp.com with the IP 23.65.6.72 (which I obtain from a different region) it starts working fine.
I think it is a different security configuration between the mirrors of www.nxp.com,
Could you confirm it?
Thanks,
Hello Arturo Buzarra,
Thank you for reporting this issue. There are many servers used and it could be possible that one of these was having problems. Some tests were run using IP 104.109.74.227 but the problem was not reproduced.
Would it be possible to test again to see if this issue persists or if it was a temporary problem? If it is still present, please let us know the exact time the issue was encountered. If you are working on different hosts, are all seeing the same problems?
Regards,