SSLError When Running Berkshelf Behind a Proxy

Featured image for sharing metadata for article

I found recently that when trying to download cookbooks in an environment that required a proxy, I would encounter the error OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errorno=0 state=SSLv2/v3 read server hello A, even when I had a proxy set for i.e.

$ cat Berksfile
source ''
depends 'java'
$ echo $http_proxy $https_proxy $HTTP_PROXY $HTTPS_PROXY
$ echo $no_proxy
$ berks
... large stacktrace ...
OpenSSL::SSL::SSLError: SSL_connect SYSCALL returned=5 errorno=0 state=SSLv2/v3 read server hello A

When Berks attempted to perform an SSL handshake with, it would fail with SSL issues which were actually hiding the real problem. Debugging this, I found that the ChefDK was happy with the certificate (as I had already trusted the certificates) and that if I used curl --cacert /opt/chefdk/embedded/ssl/certs/cacert.pem, I would be able to connect successfully. This proved out that the cert bundle was correct, so the next issue had to be something funky in Berks or Ruby.

I narrowed it down to seeing some hits to on my local proxy, realising that this issue was due to a proxy lookup for that hostname failing, as it wasn't a publicly accessible host that the proxy would be able to resolve. It seems like when either Berkshelf or the Ruby code behind it does a hostname lookup, it doesn't expand the in no_proxy to match

In order to workaround this issue, the solution is to append to your no_proxy variable in your shell.

A successful run once you have set this variable will look like:

$ echo $http_proxy $https_proxy $HTTP_PROXY $HTTPS_PROXY
$ echo $no_proxy,
$ berks
Using java (x.x.x)

Written by Jamie Tanna's profile image Jamie Tanna on , and last updated on .

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.

#chef #blogumentation #proxy #command-line #shell #chefdk #berkshelf.

This post was filed under articles.

Interactions with this post

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.