Update 2.43 to 2.44 deletes getssl-script! #718

Closed
uklatt opened this issue Oct 10, 2021 · 8 comments · Fixed by #719

@uklatt

uklatt commented Oct 10, 2021

Hello,

today I updated getssl 2.43 to 2.44.
After executing the command "./getssl -u" the getssl file was overwritten!
The content of getssl is:

400: Invalid request

Is there a problem with version 2.43?

Uwe

@timkimber
Member

Hi @uklatt

Really sorry that happened to you, we changed the upgrade function in the last release but I tried to make sure it wouldn't break!

I cannot reproduce locally

  1. What os are you running?
  2. Can you try upgrading from 2.43 again, but this time with debug and post the output here (version 2.43 of getssl should be saved as getssl.v2.43)

Sorry again that this has broken for you

@PostholerCom

PostholerCom commented Oct 10, 2021

Same thing happened to me when running getssl -u. The newly installed getssl had one line in it:

400 Bad Request

Sounds like some wget or curl gone wrong. Here's my uname -a:
Linux 4.14.214-118.339.amzn1.x86_64 #1 SMP Sun Jan 10 10:40:32 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Edit:
Here's the output from the last 2.43 run, note the Ctrl-M on the end of #712 log line:

A more recent version (v2.44) than 2.43 of getssl is available, please update
The easiest way is to use the -u or --upgrade flag

Release v2.44 summary
2021-10-01 Fix -preferred-chain argument (#712)^M
2021-10-01 Show help if no domain specified (#705)(2.44)

Check all certificates

@PostholerCom

Here's the getssl -d -u command:

detected os type = linux

Running Amazon Linux AMI release 2018.03
Kernel \r on an \m

checking for required which ... /usr/bin/which

checking for required openssl ... /usr/bin/openssl

checking for required curl ... /usr/bin/curl

checking for dig ... /usr/bin/dig

function dig found at /usr/bin/dig - setting DNS_CHECK_FUNC to dig

checking for required dirname ... /usr/bin/dirname

checking for required awk ... /bin/awk

checking for required tr ... /usr/bin/tr

checking for required date ... /bin/date

checking for required grep ... /bin/grep

checking for required sed ... /bin/sed

checking for required sort ... /bin/sort

checking for required sort ... /bin/sort

checking for required mktemp ... /bin/mktemp

Checking for releases at https://api.github.com/repos/srvrco/getssl/releases/latest

{^M
"url":"https://api.github.com/repos/srvrco/getssl/releases/50921720",^M
"assets_url":"https://api.github.com/repos/srvrco/getssl/releases/50921720/assets",^M
"upload_url":"https://uploads.github.com/repos/srvrco/getssl/releases/50921720/assets{?name,label}",^M
"html_url":"https://github.com/srvrco/getssl/releases/tag/v2.44",^M
"id":50921720,^M
"author":{"login":"timkimber",^M
"id":15785928,^M
"node_id":"MDQ6VXNlcjE1Nzg1OTI4",^M
"avatar_url":"https://avatars.githubusercontent.com/u/15785928?v=4",^M
"gravatar_id":"",^M
"url":"https://api.github.com/users/timkimber",^M
"html_url":"https://github.com/timkimber",^M
"followers_url":"https://api.github.com/users/timkimber/followers",^M
"following_url":"https://api.github.com/users/timkimber/following{/other_user}",^M
"gists_url":"https://api.github.com/users/timkimber/gists{/gist_id}",^M
"starred_url":"https://api.github.com/users/timkimber/starred{/owner}{/repo}",^M
"subscriptions_url":"https://api.github.com/users/timkimber/subscriptions",^M
"organizations_url":"https://api.github.com/users/timkimber/orgs",^M
"repos_url":"https://api.github.com/users/timkimber/repos",^M
"events_url":"https://api.github.com/users/timkimber/events{/privacy}",^M
"received_events_url":"https://api.github.com/users/timkimber/received_events",^M
"type":"User",^M
"site_admin":false},^M
"node_id":"RE_kwDOAvJYls4DCQD4",^M
"tag_name":"v2.44",^M
"target_commitish":"master",^M
"name":"Stable Release 2.44",^M
"draft":false,^M
"prerelease":false,^M
"created_at":"2021-10-06T20:41:22Z",^M
"published_at":"2021-10-06T21:06:53Z",^M
"assets":[],^M
"tarball_url":"https://api.github.com/repos/srvrco/getssl/tarball/v2.44",^M
"zipball_url":"https://api.github.com/repos/srvrco/getssl/zipball/v2.44",^M
"body":"2021-10-01 Fix -preferred-chain argument (#712)\r\n2021-10-01 Show help if no domain specified (#705)(2.44)"}

current code is version 2.43

Most recent version is 2.44

curl --silent --user-agent getssl/2.43 https://raw.githubusercontent.com/srvrco/v2.44/getssl --output /tmp/tmp.TK4OJkNJmn
Updated getssl from v2.43 to v2.44
The old version remains as /root/bin/getssl.v2.43 and should be removed
These update notifications can be turned off using the -Q option

Updates are:

Installed v2.44, restarting with /root/bin/getssl --nocheck -d
/root/bin/getssl: line 1: 400:: command not found
getssl: Running upgraded getssl failed

Traceback

main() line 2829 called

check_getssl_upgrade() line 873 called

error_exit() line 1233 called traceback

@PostholerCom

After a little investigating here's the problem child. Try to open it:

https://raw.githubusercontent.com/srvrco/v2.44/getssl

@uklatt
Author

uklatt commented Oct 11, 2021

Yes it looks like the URL is wrong or there is no file...

Uwe

@meyergru

I had the same problem. There are two fixes that should be done (in reverse order!):

  1. The update code should check if the updated file is O.K.
  2. Since this can be done for the future only, either the 2.44 version file should be made available OR the last version should be deleted in order to keep automatisations usable - mine will break one after the other when cron tries to upgrade getssl.

Point 2 is urgent, because such installations will cease to work without manual intervention!

@fmondini

Same problem here. curl output

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 185.199.110.133...
* TCP_NODELAY set
* Connected to raw.githubusercontent.com (185.199.110.133) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [3067 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=www.github.com
*  start date: May  6 00:00:00 2020 GMT
*  expire date: Apr 14 12:00:00 2022 GMT
*  subjectAltName: host "raw.githubusercontent.com" matched cert's "*.githubusercontent.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
* Using Stream ID: 1 (easy handle 0x55ae966ea4a0)
} [5 bytes data]
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
> GET /srvrco/v2.44/getssl HTTP/2
> Host: raw.githubusercontent.com
> User-Agent: getssl/2.43
> Accept: */*
> 
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [193 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
} [5 bytes data]
* TLSv1.3 (OUT), TLS app data, [no content] (0):
} [1 bytes data]
* TLSv1.3 (IN), TLS app data, [no content] (0):
{ [1 bytes data]
< HTTP/2 400 
< content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
< strict-transport-security: max-age=31536000
< x-content-type-options: nosniff
< x-frame-options: deny
< x-xss-protection: 1; mode=block
< content-type: text/plain; charset=utf-8
< x-github-request-id: 3800:0691:10E1494:12727E0:6163FF2C
< accept-ranges: bytes
< date: Mon, 11 Oct 2021 09:09:00 GMT
< via: 1.1 varnish
< x-served-by: cache-hhn4078-HHN
< x-cache: MISS
< x-cache-hits: 0
< x-timer: S1633943341.523605,VS0,VE82
< vary: Authorization,Accept-Encoding,Origin
< access-control-allow-origin: *
< x-fastly-request-id: 6240c6442e2912e03f2bb6afdfbcea7b1afab5c3
< expires: Mon, 11 Oct 2021 09:14:00 GMT
< content-length: 20
< 
{ [20 bytes data]

100    20  100    20    0     0    170      0 --:--:-- --:--:-- --:--:--   170
* Connection #0 to host raw.githubusercontent.com left intact

@timkimber
Member

Thanks @fmondini , @uwedisch , @PostholerCom and @uklatt

I'd already fixed locally which is why I couldn't reproduce! I've added sanity check code to prevent a bad update from being installed and am just quickly testing locally before I push a new version

timkimber added a commit that referenced this issue Oct 11, 2021
Add pre and post upgrade sanity checks
Fixes #718
@timkimber timkimber linked a pull request Oct 11, 2021 that will close this issue
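
The check asked for in this thread (refuse to install a download that is not the expected script), sketched as an added example; it is not getssl's own code or the fix from #719. The function names, the `VERSION="x.y"` marker it looks for and the placeholder URL are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not getssl code. Names and the VERSION="x.y" marker are assumptions.

# validate_update FILE WANT: succeed only if FILE looks like release WANT of a shell script.
validate_update() {
  local file=$1 want=$2 first got
  [ -s "$file" ] || { echo "update is empty" >&2; return 1; }
  IFS= read -r first < "$file" || true   # read fails on a missing final newline
  case $first in
    '#!'*sh*) ;;
    *) echo "not a shell script, first line: $first" >&2; return 1 ;;
  esac
  got=$(sed -n 's/^VERSION="\([0-9.]*\)".*/\1/p' "$file" | head -n 1)
  [ "$got" = "$want" ] || { echo "expected v$want, file says v${got:-?}" >&2; return 1; }
  bash -n "$file" 2>/dev/null || { echo "syntax check failed" >&2; return 1; }
}

# fetch_update URL TARGET: download next to TARGET and print the temp file name.
fetch_update() {
  local url=$1 target=$2 tmp
  tmp=$(mktemp "${target}.XXXXXX") || return 1
  # --fail: exit non-zero on HTTP >= 400 instead of saving the error page as the script
  if ! curl --silent --show-error --fail --output "$tmp" "$url"; then
    rm -f "$tmp"
    return 1
  fi
  printf '%s\n' "$tmp"
}

# install_verified NEW TARGET WANT: replace TARGET only after NEW passes validation.
install_verified() {
  local new=$1 target=$2 want=$3
  if ! validate_update "$new" "$want"; then
    rm -f "$new"
    return 1
  fi
  cp -p "$target" "${target}.previous" || return 1   # keep a rollback copy
  chmod 755 "$new" && mv -f "$new" "$target"          # rename within one directory
}

# Typical call order (URL is a placeholder):
#   new=$(fetch_update "https://example.invalid/getssl" /root/bin/getssl) &&
#     install_verified "$new" /root/bin/getssl 2.44
```

With these checks, the 20-byte `400: Invalid request` body seen above is rejected twice: curl exits non-zero on the HTTP 400, and the file would also fail the shebang test.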