X Tutup
The Wayback Machine - https://web.archive.org/web/20221227041640/https://github.com/PowerShell/PowerShell/issues/6233
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Building PowerShell in Windows results in a mismatch in security certificates #6233

Closed
CallmeJoeBob opened this issue Feb 24, 2018 · 5 comments · Fixed by #6235
Closed

Building PowerShell in Windows results in a mismatch in security certificates #6233

CallmeJoeBob opened this issue Feb 24, 2018 · 5 comments · Fixed by #6235
Labels
Area-Maintainers-Build specific to affecting the build Hacktoberfest Potential candidate to participate in Hacktoberfest OS-Windows Resolution-Fixed The issue is fixed.

Comments

@CallmeJoeBob
Copy link
Contributor

CallmeJoeBob commented Feb 24, 2018

Description

This issue is caused by a mismatch in TLS certification. Windows Powershell ships with version 1 of TLS, while Github requires version 1.2.

Steps to reproduce

When building PowerShell, run the Start-PSBootstrap script

PS C:> Start-PSBootstrap
Installing PowerShell build dependencies
dotnet is already installed.  Skipping installation.
pwsh.exe not found. Install latest PowerShell Core release and add it to Path
VERBOSE: Destination: C:\Users\joelj\AppData\Local\Microsoft\powershell
VERBOSE: About to download package from
'https://github.com/PowerShell/PowerShell/releases/download/v6.0.1/PowerShell-6.0.1-win-x64.zip'
Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel.
At D:\HackIllinois2018\Powershell\PowerShell\tools\install-powershell.ps1:139 char:9
+         Invoke-WebRequest -Uri $downloadURL -OutFile $packagePath
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
   eption
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

Expected behavior

Script is able to establish a secure channel that matches default Windows certificates

Actual behavior

Error is returned: The request was aborted: could not create SSL/TLS secure channel.

Environment data

> $PSVersionTable
Name                           Value
----                           -----
PSVersion                      5.1.16299.248
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.16299.248
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
@vors
Copy link
Collaborator

vors commented Feb 24, 2018

Our first issue filled as part of Hackillinois2018! 🎉

@vors vors added OS-Windows Area-Maintainers-Build specific to affecting the build labels Feb 24, 2018
@vors
Copy link
Collaborator

vors commented Feb 24, 2018

workaround:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

@vors vors added the Hacktoberfest Potential candidate to participate in Hacktoberfest label Feb 24, 2018
@iSazonov
Copy link
Collaborator

iSazonov commented Feb 24, 2018

In Powershell Core we already have Invoke-WebRequest -SslProtocol Tls12. I don't remember - maybe it is default. /cc @markekraus
I don't see the problem if pwsh was installed - we require install pwsh to build.
So I believe we can close the Issue.

@vors
Copy link
Collaborator

vors commented Feb 24, 2018
edited

I don't see the problem if pwsh was installed - we require install pwsh to build.

it should work on windows powershell - this is what used for bootstrapping. There is no requirement to have pwsh for bootstrapping. Fix is on the way.

@CallmeJoeBob CallmeJoeBob mentioned this issue Feb 24, 2018
Merged
11 tasks
@markekraus
Copy link
Contributor

markekraus commented Feb 24, 2018

bad workaround, rushed PR. Please don't do this kind of thing.

[Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12 -bor [Net.SecurityProtocolType]::Tls11

Better workaround, but still rubs me the wrong way.

@markekraus markekraus mentioned this issue Feb 24, 2018
Merged
11 tasks
@iSazonov iSazonov added the Resolution-Fixed The issue is fixed. label Mar 24, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area-Maintainers-Build specific to affecting the build Hacktoberfest Potential candidate to participate in Hacktoberfest OS-Windows Resolution-Fixed The issue is fixed.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Uses TLS 1.2 on Windows during Start-PSBootstrap CallmeJoeBob/PowerShell
4 participants
@vors @markekraus @iSazonov @CallmeJoeBob
X Tutup