When I run the fetch command on my firewall/gateway (RB5009) I get an SSL decode error. I am not sure what that means.
[admin@gw] > /tool fetch url="https://10.10.3.21/firehol_level1" check-certificate=yes dst-path=firehol_level1.rsc
status: failed
failure: ssl connection error: ssl: decode error (6)
[admin@gw] >
When I run it on another MikroTik device everything works as expected:
[admin@wap1] > /tool fetch url="https://10.10.3.21/firehol_level1" check-certificate=yes dst-path=firehol_level1.rsc
status: finished
downloaded: 139KiBz pause]
total: 0KiB
duration: 1s
[admin@wap1]
I have checked with tcpdump and there is traffic coming from the router to the web server. I also added debug logging to the nginx error log and it says:
2021/11/10 17:26:00 [debug] 3239#3239: accept on 0.0.0.0:443, ready: 0
2021/11/10 17:26:00 [debug] 3239#3239: posix_memalign: 000055D782A7D330:512 @16
2021/11/10 17:26:00 [debug] 3239#3239: *11058 accept: 10.10.3.1:40842 fd:15
2021/11/10 17:26:00 [debug] 3239#3239: *11058 event timer add: 15: 60000:174145038
2021/11/10 17:26:00 [debug] 3239#3239: *11058 reusable connection: 1
2021/11/10 17:26:00 [debug] 3239#3239: *11058 epoll add event: fd:15 op:1 ev:80002001
2021/11/10 17:26:00 [debug] 3239#3239: *11058 http check ssl handshake
2021/11/10 17:26:00 [debug] 3239#3239: *11058 http recv(): 1
2021/11/10 17:26:00 [debug] 3239#3239: *11058 https ssl handshake: 0x16
2021/11/10 17:26:00 [debug] 3239#3239: *11058 tcp_nodelay
2021/11/10 17:26:00 [debug] 3239#3239: *11058 reusable connection: 0
2021/11/10 17:26:00 [debug] 3239#3239: *11058 SSL server name: "10.10.3.21"
2021/11/10 17:26:00 [debug] 3239#3239: *11058 SSL_do_handshake: -1
2021/11/10 17:26:00 [debug] 3239#3239: *11058 SSL_get_error: 2
2021/11/10 17:26:00 [debug] 3239#3239: *11058 SSL handshake handler: 0
2021/11/10 17:26:00 [debug] 3239#3239: *11058 SSL_do_handshake: -1
2021/11/10 17:26:00 [debug] 3239#3239: *11058 SSL_get_error: 1
2021/11/10 17:26:00 [info] 3239#3239: *11058 SSL_do_handshake() failed (SSL: error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error:SSL alert number 50) while SSL handshaking, client: 10.10.3.1, server: 0.0.0.0:443
2021/11/10 17:26:00 [debug] 3239#3239: *11058 close http connection: 15
2021/11/10 17:26:00 [debug] 3239#3239: *11058 event timer del: 15: 174145038
2021/11/10 17:26:00 [debug] 3239#3239: *11058 reusable connection: 0
2021/11/10 17:26:00 [debug] 3239#3239: *11058 free: 000055D782A7D330, unused: 134
The RB5009 is running 7.1rc5, the other device is running 6.49.
Is there a problem with the fetch command for HTTPS in 7.1?
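
An added example, not part of the original post: a small Python parser for the nginx `[info]` handshake-failure line quoted above. It unpacks the OpenSSL error code and reports which side sent the TLS alert. The function name, the alert table subset and the OpenSSL 1.1.x error-code layout are assumptions of this example.

```python
import re

# Constructed sample: the [info] line from the nginx log quoted in the post.
SAMPLE = ('2021/11/10 17:26:00 [info] 3239#3239: *11058 SSL_do_handshake() failed '
          '(SSL: error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error:'
          'SSL alert number 50) while SSL handshaking, client: 10.10.3.1, '
          'server: 0.0.0.0:443')

# Subset of TLS alert descriptions (RFC 5246 / RFC 8446).
TLS_ALERTS = {
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 46: "certificate_unknown", 47: "illegal_parameter",
    48: "unknown_ca", 50: "decode_error", 51: "decrypt_error",
    70: "protocol_version", 71: "insufficient_security", 80: "internal_error",
}

# OpenSSL reports an alert *received from the peer* as reason 1000 + alert number.
SSL_AD_REASON_OFFSET = 1000

LINE_RE = re.compile(
    r'error:(?P<code>[0-9A-Fa-f]{8}):SSL routines:(?P<func>\w+):(?P<reason>[^:)]+)'
    r'(?::SSL alert number (?P<alert>\d+))?\).*?client: (?P<client>[^,\s]+)')

def decode_handshake_failure(line):
    """Return details of an nginx 'SSL_do_handshake() failed' line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    code = int(m["code"], 16)
    # Assumed OpenSSL 1.1.x packing: lib (8 bits) | func (12 bits) | reason (12 bits).
    lib, reason = code >> 24, code & 0xFFF
    received = reason > SSL_AD_REASON_OFFSET
    alert = reason - SSL_AD_REASON_OFFSET if received else None
    # Cross-check against the "SSL alert number N" suffix when it is present.
    if alert is not None and m["alert"] and int(m["alert"]) != alert:
        raise ValueError("error code and alert number disagree")
    return {
        "client": m["client"],
        "lib": lib,                      # 20 is the SSL library
        "func": m["func"],
        "alert": alert,
        "name": TLS_ALERTS.get(alert, "unknown") if received else None,
        # An alert-derived reason means nginx read the alert off the wire,
        # so the client aborted the handshake; otherwise nginx failed locally.
        "sender": "client" if received else "server",
    }

if __name__ == "__main__":
    print(decode_handshake_failure(SAMPLE))
```

For the line in the post this reports alert 50 (`decode_error`) sent by 10.10.3.1, meaning the router aborted the handshake after failing to parse a message from the server.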