bobbysto1994
Contributor
Contributor

ESXI 6.7: OVFTools `Curl_perform error code 35 (SSL connect error)`

Jump to solution

Hi Guys,

Some quick background:
For the past two years I have used a deployment USB I created that consisted of a ks.cfg file that deployed Esxi, mcopy'd the OVA images to the local datastore and then finally used ovftools to deploy the OVA images

All source code and the USB has stayed the same through the years, with only minor changes to the Esxi version. But that has never caused an issue.
However I am trying this with Esxi 6.7 this time and I am getting curl SSL errors. Here is the log verbose log file:

2018-07-16T14:31:04.824Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Subscribing to signal: 4 (SIGILL)

2018-07-16T14:31:04.824Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Subscribing to signal: 6 (SIGABRT)

2018-07-16T14:31:04.824Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Subscribing to signal: 8 (SIGFPE)

2018-07-16T14:31:04.824Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Subscribing to signal: 15 (SIGTERM)

2018-07-16T14:31:04.824Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Subscribing to signal: 1 (SIGHUP)

2018-07-16T14:31:04.824Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Subscribing to signal: 3 (SIGQUIT)

2018-07-16T14:31:04.824Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Subscribing to signal: 5 (SIGTRAP)

2018-07-16T14:31:04.824Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Subscribing to signal: 9 (SIGKILL)

2018-07-16T14:31:04.824Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Subscribing to signal: 13 (SIGPIPE)

2018-07-16T14:31:04.824Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Initializing progress

2018-07-16T14:31:04.824Z verbose -[8922A00FC0] [Originator@6876 sub=Default] OvfTool Version: VMware ovftool 4.1.0 (build-2459827)

2018-07-16T14:31:04.824Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Using home directory: ./.ovftool

2018-07-16T14:31:04.832Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Curl Version: 7.30.0

2018-07-16T14:31:04.832Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Done initializing libs

2018-07-16T14:31:04.832Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Determining source

2018-07-16T14:31:04.833Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Determining target

2018-07-16T14:31:04.833Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Getting source

2018-07-16T14:31:04.833Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Parsing URL

2018-07-16T14:31:04.835Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Parsing URL

2018-07-16T14:31:04.838Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Opening source

2018-07-16T14:31:04.838Z verbose -[8922A00FC0] [Originator@6876 sub=Default] OvfPackageSourceBase::Open

2018-07-16T14:31:04.846Z verbose -[8922A00FC0] [Originator@6876 sub=Default] OvfPackageSourceBase parsing message bundle

2018-07-16T14:31:04.848Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Validating files

2018-07-16T14:31:04.848Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Getting target

2018-07-16T14:31:04.848Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Connecting to vi host

2018-07-16T14:31:04.848Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Skip SSL verification

2018-07-16T14:31:04.850Z verbose -[8922A00FC0] [Originator@6876 sub=HttpConnectionPool-000000] HttpConnectionPoolImpl created. maxPoolConnections = 20; idleTimeout = 900000000; maxOpenConnections = 20; maxConnectionAge = 0

2018-07-16T14:31:04.851Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Getting version of the VI host : 127.0.0.1

2018-07-16T14:31:04.851Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Initializing new curl session

2018-07-16T14:31:04.867Z verbose -[8922A00FC0] [Originator@6876 sub=Default] WebRequest set basic http authorization, username : root

2018-07-16T14:31:04.867Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Getting http page: https://127.0.0.1/sdk/vimServiceVersions.xml

2018-07-16T14:31:04.885Z verbose -[8922CF8700] [Originator@6876 sub=Default] Curl_perform error code 35 (SSL connect error)

2018-07-16T14:31:04.885Z verbose -[8922A00FC0] [Originator@6876 sub=Default] CURL error buffer: Unknown SSL protocol error in connection to 127.0.0.1:443

2018-07-16T14:31:04.890Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Curl session torn down

2018-07-16T14:31:04.892Z verbose -[8922A00FC0] [Originator@6876 sub=Default] Backtrace:

-->

--> [backtrace begin] product: VMware Workstation, version: e.x.p, build: build-2459827, tag: -

--> backtrace[00] libvmacore.so[0x003D9C74]: Vmacore::System::Stacktrace::CaptureWork(unsigned int)

--> backtrace[01] libvmacore.so[0x001DBF37]: Vmacore::System::SystemFactoryImpl::CreateQuickBacktrace(Vmacore::Ref<Vmacore::System::Backtrace>&)

--> backtrace[02] libvmacore.so[0x0018481D]: Vmacore::Throwable::Throwable(std::string const&)

--> backtrace[03] ovftool.bin[0x0020DFB3]

--> backtrace[04] ovftool.bin[0x00248E5D]

--> backtrace[05] ovftool.bin[0x0024C5C9]

--> backtrace[06] ovftool.bin[0x00295BC4]

--> backtrace[07] ovftool.bin[0x0029714C]

--> backtrace[08] ovftool.bin[0x00298991]

--> backtrace[09] ovftool.bin[0x001EC853]

--> backtrace[10] ovftool.bin[0x001EEB04]

--> backtrace[11] libc.so.6[0x0002192D]

--> backtrace[12] ovftool.bin[0x001626B9]

--> [backtrace end]

-->

I can see the error is because their is no SSL on  https://127.0.0.1/sdk/vimServiceVersions.xml - however there has never been. So why is it only complaining now?
An note I place the ​ --noSSLVerify​ flag when using OVF tools. So you would this would be ignored.

Also for refrence here is the command I am using:

/vmfs/volumes/datastore1/vmware-ovftool/ovftool --X:logFile=ovf.log --X:logLevel=verbose --noSSLVerify -dm=thin --acceptAllEulas /vmfs/volumes/datastore1/VM.ova "vi://root:PASSWORD@127.0.0.1"

0 Kudos
1 Solution

Accepted Solutions
bobbysto1994
Contributor
Contributor

Doing some research online I found CURL error code 35 refeers to a protocol error.
The version of curl my ovftools uses is 7.30 - which does not have support for TLS1.2. Looking at ESXi 6.5 on wards I can see TLS 1.2 is now enforced as the minimum TLS protocol during negotiation.

Updating my version of OVFtool from 4.1 to 4.3 resolved this :smileygrin:!

View solution in original post

0 Kudos
1 Reply
bobbysto1994
Contributor
Contributor

Doing some research online I found CURL error code 35 refeers to a protocol error.
The version of curl my ovftools uses is 7.30 - which does not have support for TLS1.2. Looking at ESXi 6.5 on wards I can see TLS 1.2 is now enforced as the minimum TLS protocol during negotiation.

Updating my version of OVFtool from 4.1 to 4.3 resolved this :smileygrin:!

View solution in original post

0 Kudos