Issue with LibreSSL behind proxy in Alpine docker >3.4
I’ve been building an image which would contain libModSecurity and nginx. The image builds OK with Alpine version 3.4 and OpenSSL, but with any version above, I get the following error when using git clone (which uses curl with LibreSSL). The build environment where this is run is behind a proxy, which I’ve censored below with xxx.xxx.xxx.xxx. For now I’m staying with version 3.4.
This is the verbose output of git clone:
<code class="text">
Cloning into '/usr/src/modsecurity'...
* Couldn't find host github.com in the .netrc file; using defaults
* Trying xxx.xxx.xxx.xxx...
* TCP_NODELAY set
* Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to github.com:443
> CONNECT github.com:443 HTTP/1.1
Host: github.com:443
User-Agent: git/2.18.1
Proxy-Connection: Keep-Alive
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* CONNECT phase completed!
* CONNECT phase completed!
* LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to github.com:443
* Closing connection 0
fatal: unable to access 'https://github.com/SpiderLabs/ModSecurity.git/': LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to github.com:443
</code>
Build steps before the error:
<code class="text">
FROM alpine:3.8
ENV http_proxy http://xxx.xxx.xxx.xxx:8080/
ENV https_proxy http://xxx.xxx.xxx.xxx:8080/
ENV GIT_CURL_VERBOSE=1
COPY build.sh /build.sh
RUN chmod +x /build.sh
RUN sh -c "source /build.sh"
</code>
build.sh (up until the error)
<code class="text">
#!/bin/sh
#break on errors
set -e
#update and install dependencies
apk update
apk add git wget make g++ libffi-dev pcre pcre-dev libressl-dev libtool autoconf apache2-dev libxml2-dev curl-dev automake linux-headers
git config --global http.proxy http://xxx.xxx.xxx.xxx:8080/
git config --global https.proxy http://xxx.xxx.xxx.xxx:8080/
mkdir -p /usr/bin/file
mkdir -p /usr/src/modsecurity
mkdir -p /usr/local/nginx/conf
#make modsecurity
git clone -b v3/master --single-branch https://github.com/SpiderLabs/ModSecurity.git /usr/src/modsecurity
</code>
(from redmine: issue id 9948, created on 2019-01-30)