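[Kylin V10] How to Fix SSL_ERROR_SYSCALL
Note
The error described in this article occurred on a Kylin v10 system.
Whether the same applies to other operating systems is left for readers to verify and test themselves.
We plan to release a Kylin build of Ambari+Bigtop soon. Stay tuned!
See also https://doc.janettr.com/install/manual/
1. The Failure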
bower chai#1.8.0 validate 1.8.0 against https://github.com/chaijs/chai.git#1.8.0
bower commonjs#0.2.0 cached https://github.com/chrisabrams/commonjs.git#0.2.0
bower commonjs#0.2.0 validate 0.2.0 against https://github.com/chrisabrams/commonjs.git#0.2.0
bower angular-mocks#* cached https://github.com/angular/bower-angular-mocks.git#1.8.3
bower angular-mocks#* validate 1.8.3 against https://github.com/angular/bower-angular-mocks.git#*
bower angular-bootstrap#0.11.0 cached https://github.com/angular-ui/bootstrap-bower.git#0.11.0
bower angular-bootstrap#0.11.0 validate 0.11.0 against https://github.com/angular-ui/bootstrap-bower.git#0.11.0
bower mocha#1.14.0 cached https://github.com/mochajs/mocha.git#1.14.0
bower mocha#1.14.0 validate 1.14.0 against https://github.com/mochajs/mocha.git#1.14.0
bower angular-bootstrap-toggle-switch#0.5.1 cached https://github.com/JumpLink/angular-toggle-switch.git#0.5.1
bower angular-bootstrap-toggle-switch#0.5.1 validate 0.5.1 against https://github.com/JumpLink/angular-toggle-switch.git#0.5.1
bower underscore#1.7.0 cached https://github.com/jashkenas/underscore.git#1.7.0
bower underscore#1.7.0 validate 1.7.0 against https://github.com/jashkenas/underscore.git#1.7.0
bower sinon#1.10.3 cached https://github.com/cjohansen/Sinon.JS.git#1.10.3
bower sinon#1.10.3 validate 1.10.3 against https://github.com/cjohansen/Sinon.JS.git#1.10.3
bower angular-translate#* cached https://github.com/PascalPrecht/bower-angular-translate.git#2.19.1
bower angular-translate#* validate 2.19.1 against https://github.com/PascalPrecht/bower-angular-translate.git#*
bower lodash#>=1.3.0 <2.5.0 cached https://github.com/lodash/lodash.git#2.4.2
bower lodash#>=1.3.0 <2.5.0 validate 2.4.2 against https://github.com/lodash/lodash.git#>=1.3.0 <2.5.0
bower jquery#1.9.1 - 3 not-cached https://github.com/jquery/jquery-dist.git#1.9.1 - 3
bower jquery#1.9.1 - 3 resolve https://github.com/jquery/jquery-dist.git#1.9.1 - 3
bower jquery#1.9.1 - 3 ECMDERR Failed to execute "git ls-remote --tags --heads https://github.com/jquery/jquery-dist.git", exit code of #128 fatal: unable to access 'https://github.com/jquery/jquery-dist.git/': OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to github.com:443
Additional error details:
fatal: unable to access 'https://github.com/jquery/jquery-dist.git/': OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to github.com:443
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Ambari Main 3.0.0.0.0:
[INFO]
[INFO] Ambari Main ........................................ SUCCESS [ 9.088 s]
[INFO] Apache Ambari Project POM .......................... SUCCESS [ 0.118 s]
[INFO] Ambari Web ......................................... SUCCESS [01:43 min]
[INFO] Ambari Views ....................................... SUCCESS [ 4.147 s]
[INFO] Ambari Admin View .................................. FAILURE [01:14 min]
[INFO] ambari-utility ..................................... SKIPPED
[INFO] Ambari Server SPI .................................. SKIPPED
[INFO] Ambari Service Advisor ............................. SKIPPED
[INFO] Ambari Server ...................................... SKIPPED
[INFO] Ambari Functional Tests ............................ SKIPPED
[INFO] Ambari Agent ....................................... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 03:12 min
[INFO] Finished at: 2025-09-24T13:13:41Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.codehaus.mojo:exec-maven-plugin:1.2.1:exec (Bower install) on project ambari-admin: Command execution failed.: Process exited with an error: 1 (Exit value: 1)
-> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :ambari-admin
[root@kylin10 modules]#
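Conclusion up front
This problem is most often caused by an incompatibility between libcurl + HTTP/2 and the ALPN handshake handling of certain proxy/gateway devices. Pinning Git to HTTP/1.1 restores stable operation.
2. Diagnosis
- The TLS layer is fine (openssl)
openssl s_client -connect github.com:443 -servername github.com -brief
# Output: TLSv1.3 / Verification: OK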
[root@kylin10 modules]# openssl s_client -connect github.com:443 -servername github.com -brief
CONNECTION ESTABLISHED
Protocol version: TLSv1.3
Ciphersuite: TLS_AES_128_GCM_SHA256
Peer certificate: CN = github.com
Hash used: SHA256
Signature type: ECDSA
Verification: OK
Server Temp Key: X25519, 253 bits
- The HTTP stack fails (curl)
curl -vI https://github.com
# OpenSSL SSL_connect: SSL_ERROR_SYSCALL
[root@kylin10 modules]# curl -vI https://github.com
* Trying 20.205.243.166:443...
* Connected to github.com (20.205.243.166) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to github.com:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to github.com:443
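Inference
- On the same machine openssl succeeds while curl fails, which shows that TLS itself works but HTTP/2 negotiation runs into a compatibility problem when it passes through a middle layer (proxy / firewall / legacy gateway).
- Git depends on libcurl internally, and Bower depends on Git to fetch repositories, so the link-level error is ultimately amplified into a build failure.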
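The comparison above can be scripted over saved tool output. This is an added example, not part of the original page: the names `triage_tls` and `has` and the result keys are assumptions, and the sample text is copied from the two command outputs shown above.

```shell
#!/bin/sh
# Added example: map saved `openssl s_client -brief` and `curl -vI` output
# to the scenarios discussed on this page. triage_tls, has and the result
# keys are hypothetical names.

# Sample text copied from the two command outputs shown above.
SAMPLE_OPENSSL='CONNECTION ESTABLISHED
Protocol version: TLSv1.3
Verification: OK'
SAMPLE_CURL='* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to github.com:443'

# has <pattern> <text>: true if any line of <text> matches the ERE <pattern>.
has() { printf '%s\n' "$2" | grep -Eq -- "$1"; }

# triage_tls <openssl_output> <curl_output>: print one result key.
triage_tls() {
    cert_re='Verification error|verify failed|SSL certificate problem'
    # A verification failure in either tool is a CA/chain problem, not HTTP/2.
    if has "$cert_re" "$1" || has "$cert_re" "$2"; then
        echo "update-ca-trust"
    # openssl verified the chain, but curl (offering h2) was cut off
    # during the handshake: the case this page fixes by pinning HTTP/1.1.
    elif has '^Verification: OK' "$1" && has 'SSL_ERROR_SYSCALL' "$2" \
         && has 'ALPN, offering h2' "$2"; then
        echo "pin-http1.1"
    # curl was cut off but there is no openssl contrast to lean on:
    # look at the proxy path or the TLS version instead.
    elif has 'SSL_ERROR_SYSCALL' "$2"; then
        echo "check-proxy-or-tls-version"
    else
        echo "no-tls-fault-seen"
    fi
}

triage_tls "$SAMPLE_OPENSSL" "$SAMPLE_CURL"
```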
3. Fix (stable and reusable)
Run either of the following commands:
# Pin HTTP/1.1 globally
git config --global http.version HTTP/1.1
# Apply to GitHub only (recommended, smallest blast radius)
git config --global http.https://github.com/.version HTTP/1.1
Verify the fetch:
GIT_CURL_VERBOSE=1 git ls-remote https://github.com/jquery/jquery-dist.git
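Result after a successful fix:
4. Hardening Advice and Resuming the Build
Scenario | Symptom | Recommendation |
---|---|---|
Proxy/gateway interference | curl fails, openssl succeeds | Pin HTTP/1.1; if necessary, connect to github.com directly or bypass the proxy |
TLS negotiation incompatibility | Some devices do not support TLS 1.3 | git config --global http.sslVersion tlsv1.2 |
Certificate chain problem | verify failed | Update the CA bundle (RHEL/CentOS: update-ca-trust extract; Debian/Ubuntu: apt reinstall ca-certificates) |
Build only needs to retry the failed module | Maven suggests -rf :ambari-admin | mvn -DskipTests -rf :ambari-admin install |
Not recommended
GIT_SSL_NO_VERIFY=true
This disables certificate verification and is a security risk; do not use it as a fix.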
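A check for the fix and the warning above, as an added example that is not part of the original page: it writes the GitHub-scoped pin into a scratch config file, confirms other hosts keep git's default, and flags any setting that turns certificate verification off. The function names and the scratch file are assumptions.

```shell
#!/bin/sh
# Added example: check the scope of the HTTP/1.1 pin and that TLS certificate
# verification is still on. Function names are hypothetical; a scratch file
# stands in for ~/.gitconfig so the demo does not touch real settings.

# pin_github_http11 <config-file>: write the GitHub-only setting from section 3.
pin_github_http11() {
    git config --file "$1" http.https://github.com/.version HTTP/1.1
}

# effective_http_version <config-file> <url>: the http.version git would use
# for <url>, or "default" when no entry matches.
effective_http_version() {
    git config --file "$1" --get-urlmatch http.version "$2" 2>/dev/null ||
        echo "default"
}

# tls_verify_disabled <config-file>: exit 0 if verification is switched off,
# either by GIT_SSL_NO_VERIFY being set (any value) or by an
# http.sslVerify / http.<url>.sslVerify entry that evaluates to false.
tls_verify_disabled() {
    if [ -n "${GIT_SSL_NO_VERIFY+set}" ]; then
        return 0
    fi
    git config --file "$1" --bool --get-regexp '^http\.(.*\.)?sslverify$' \
        2>/dev/null | grep -q ' false$'
}

cfg=$(mktemp)
pin_github_http11 "$cfg"
echo "github.com:  $(effective_http_version "$cfg" https://github.com/jquery/jquery-dist.git)"
echo "example.org: $(effective_http_version "$cfg" https://example.org/repo.git)"
if tls_verify_disabled "$cfg"; then
    echo "WARNING: certificate verification is disabled"
else
    echo "certificate verification still enabled"
fi
rm -f "$cfg"
```

Against real settings, pass the path of the config file to audit (for example `"$HOME/.gitconfig"`) instead of the scratch file.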