cargo: "SSL connect error" on Windows

I am currently building servo on Windows 10 Pro, version 1511 (64-bit), with msys2 (64-bit) and inside the MinGW-w64 shell, and I get the following error message:

$ ./mach build --release --verbose
cargo build --release -v
 Downloading url v0.5.5
unable to get packages from source

Caused by:
  failed to download package `url v0.5.5` from https://crates.io/api/v1/crates/url/0.5.5/download

Caused by:
  SSL connect error
Build completed in 2.15s

Which is strange as curl works without problems (with redirection):

$ curl -v -L https://crates.io/api/v1/crates/url/0.5.5/download > file
* timeout on name lookup is not supported
*   Trying 23.21.180.91...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Connected to crates.io (23.21.180.91) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:/msys64/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [89 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2152 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*        subject: CN=www.crates.io
*        start date: Nov  5 16:52:33 2015 GMT
*        expire date: Nov  7 22:55:23 2016 GMT
*        subjectAltName: crates.io matched
*        issuer: C=US; O=GeoTrust Inc.; CN=RapidSSL SHA256 CA - G3
*        SSL certificate verify ok.
} [5 bytes data]
> GET /api/v1/crates/url/0.5.5/download HTTP/1.1
> Host: crates.io
> User-Agent: curl/7.47.1
> Accept: */*
>
{ [5 bytes data]
< HTTP/1.1 302 Found
< Connection: keep-alive
< Server: nginx
< Date: Thu, 10 Mar 2016 03:58:47 GMT
< Transfer-Encoding: chunked
< Location: https://crates-io.s3-us-west-1.amazonaws.com/crates/url/url-0.5.5.crate
< Set-Cookie: cargo_session=--PBVtejYpqgihoNU4gy+Z6jCDXMg=; HttpOnly; Secure; Path=/
< Strict-Transport-Security: max-age=31536000
< Via: 1.1 vegur
<
* Ignoring the response-body
{ [5 bytes data]
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host crates.io left intact
* Issue another request to this URL: 'https://crates-io.s3-us-west-1.amazonaws.com/crates/url/url-0.5.5.crate'
* timeout on name lookup is not supported
*   Trying 54.231.236.0...
* Connected to crates-io.s3-us-west-1.amazonaws.com (54.231.236.0) port 443 (#1)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:/msys64/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [89 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2544 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-SHA
* ALPN, server did not agree to a protocol
* Server certificate:
*        subject: C=US; ST=Washington; L=Seattle; O=Amazon.com Inc.; CN=*.s3-us-west-1.amazonaws.com
*        start date: Dec  8 12:05:08 2015 GMT
*        expire date: Sep 21 12:00:00 2016 GMT
*        subjectAltName: crates-io.s3-us-west-1.amazonaws.com matched
*        issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert Baltimore CA-2 G2
*        SSL certificate verify ok.
} [5 bytes data]
> GET /crates/url/url-0.5.5.crate HTTP/1.1
> Host: crates-io.s3-us-west-1.amazonaws.com
> User-Agent: curl/7.47.1
> Accept: */*
>
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0{ [5 bytes data]
< HTTP/1.1 200 OK
< x-amz-id-2: bLCVbUt7EAiyHdocFASXq5cvWafLdRMqsy26ipTQLL9JtqAuav3qe4WyCc5gv4LPOajZ9XbaWWc=
< x-amz-request-id: 13BCB59D959EBB6A
< Date: Thu, 10 Mar 2016 03:58:49 GMT
< Last-Modified: Wed, 10 Feb 2016 15:54:33 GMT
< ETag: "94ea7a572a87cab3383bc45f9024a730"
< Accept-Ranges: bytes
< Content-Type: application/x-tar
< Content-Length: 281821
< Server: AmazonS3
<
{ [5 bytes data]
100  275k  100  275k    0     0   212k      0  0:00:01  0:00:01 --:--:--  764k
* Connection #1 to host crates-io.s3-us-west-1.amazonaws.com left intact

I even tried to disable the Windows firewall completely, still with the same result (also that would not explain why curl works and cargo does not).

I would appreciate if someone could name a few options to get a more verbose output from cargo (more verbose than --verbose).

About this issue

Original URL
State: closed
Created 8 years ago
Comments: 46 (22 by maintainers)

Commits related to this issue

Auto merge of #3137 - alexcrichton:bump-curl, r=brson Update curl to track more error info This hopefully will help out with https://github.com/rust-lang/cargo/issues/2464#issuecomment-250583778 by ... — committed to rust-lang/cargo by bors 8 years ago

Most upvoted comments

If possible, I’ve uploaded a local build of Cargo which supports the options mentioned above. You can add this to .cargo/config to enable it:

[http]
check-revoke = false

+25

alexcrichton on Feb 14, 2017

now this issue resolved after created config file under ./cargo folder and putted below line [http] check-revoke = false

aiodsunil on Apr 29, 2017

So I went on the IRC channel and got cargo to work. Looks like the config file has no extensions and is to be actually called “config”. Mistake on my part since I saw that the format was toml and hence would require an extension of “.toml”. Also, I assumed “.cargo\config”, meant a folder config inside .cargo.

Thanks for the help anyways.

vigneshdv on Oct 8, 2017

[SOLVED] I did not have the .cargo \ config file, so I created the file, right-click the new file text, name it with single quotation marks Ex: ‘config’. So rename without single quotation. And I’ve added the following lines.

[http]


check-revoke = false

brunoxti on Aug 20, 2020

try

[http]
check-revoke = false

Also, please open a new issue instead of commenting on one closed 7 years ago.

Eh2406 on Mar 29, 2023

I tried to set check-revoke = false in ~/.cargo/config, but it did not work.

And finally, I changed the curl in path (I have multi curl in path), and it worked now.

C:\Users\Liu.D.H>cargo  install mdcat  -vvv
    Updating `https://mirrors.tuna.tsinghua.edu.cn/git/crates.io-index.git` index
 Downloading crates ...
warning: spurious network error (2 tries remaining): [35] SSL connect error (schannel: failed to receive handshake, SSL/TLS connection failed)
warning: spurious network error (1 tries remaining): [35] SSL connect error (schannel: failed to receive handshake, SSL/TLS connection failed)
error: failed to download from `https://crates.io/api/v1/crates/mdcat/0.22.1/download`

Caused by:
  [35] SSL connect error (schannel: failed to receive handshake, SSL/TLS connection failed)

C:\Users\Liu.D.H>set path=C:\Windows\System32;%path%

C:\Users\Liu.D.H>where curl
C:\Windows\System32\curl.exe
C:\ProgramData\chocolatey\bin\curl.exe
C:\Users\Liu.D.H\scoop\shims\curl.exe
C:\msys64\usr\bin\curl.exe

C:\Users\Liu.D.H>cargo  install mdcat  -vvv
    Updating `https://mirrors.tuna.tsinghua.edu.cn/git/crates.io-index.git` index
 Downloading crates ...
  Downloaded mdcat v0.22.1 (registry `https://mirrors.tuna.tsinghua.edu.cn/git/crates.io-index.git`)
  Installing mdcat v0.22.1
 Downloading crates ...
  Downloaded anyhow v1.0.36 (registry `https://mirrors.tuna.tsinghua.edu.cn/git/crates.io-index.git`)
。......

liudonghua123 on Dec 22, 2020

@JasonKleban I believe so, yes, that option is just telling schannel to bypass revocation entirely. Beyond that though I don’t know if it’s a local configuration problem or what it would be indicative of 😦

alexcrichton on Feb 14, 2017