Hello! Please translate the issue in English!
Translation of description:
Official repository repo.zabbix.com does not work with Ubuntu 14.04.
Repository server redirects all requests to https, which uses unsupported SSL settings on Ubuntu 14.04. It is impossible to upgrade Zabbix components.
Errors with apt-get update execution:
W: Failed to fetch http://repo.zabbix.com/zabbix/4.0/ubuntu/dists/trusty/main/source/Sources gnutls_handshake() failed: Handshake failed W: Failed to fetch http://repo.zabbix.com/zabbix/4.0/ubuntu/dists/trusty/main/binary-amd64/Packages gnutls_handshake() failed: Handshake failed W: Failed to fetch http://repo.zabbix.com/zabbix/4.0/ubuntu/dists/trusty/main/binary-i386/Packages gnutls_handshake() failed: Handshake failed E: Some index files failed to download. They have been ignored, or old ones used instead.
How to reproduce the problem:
Execute the following on Ubuntu 14.04:
wget [https://repo.zabbix.com/zabbix/4.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_4.0-2+trusty_all.deb]
dpkg -i zabbix-release_4.0-2+trusty_all.deb
Update information about repository.
apt-get update
This only happens on Ubuntu 14.04 because of old gnutls library version which uses old protocol for handshake. Just tested it on 16.04 and 18.04, there is no such error.
Here's the evidence that this is GnuTLS issue, OpenSSL on 14.04 works just fine:
# cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=14.04 DISTRIB_CODENAME=trusty DISTRIB_DESCRIPTION="Ubuntu 14.04.6 LTS" # gnutls-cli -V -p 443 repo.zabbix.com Resolving 'repo.zabbix.com'... Connecting to '162.243.159.138:443'... *** Fatal error: A TLS fatal alert has been received. *** Received alert [40]: Handshake failed *** Handshake has failed GnuTLS error: A TLS fatal alert has been received. # openssl s_client -connect repo.zabbix.com:443 CONNECTED(00000003) [...] Server certificate -----BEGIN CERTIFICATE----- MIIGazCCBVOgAwIBAgIIe9z83iunVTYwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow GAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRz LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1 cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTkwNTAzMTQ1NzM4WhcN MjAwNTAzMTQ1NzM4WjBpMQswCQYDVQQGEwJMVjENMAsGA1UEBxMEUmlnYTE0MDIG A1UECgwrU2FiaWVkcmliYSBhciBpZXJvYmV6b3R1IGF0YmlsZGlidSAiWkFCQklY IjEVMBMGA1UEAwwMKi56YWJiaXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEA9EV9lUxVCOvvpQ7Cdc3DmuConyxm9lVHZ5XMegHGN3QS67V2bSzL v6FWKx+i9LSwGZWOrpCAkMbOQKMzHSyt1QueBcIVJid8ZDQjMX2FPmVNYEkpgCus EbwKXeb9IGRU4idReBpFkKPnDdND+TvCtOzpNMyxP8GiJSoB/v/Dq8QLAXSDDj6S bBWkAbIGl9UTub0oQwTH6vixdW8NSsyoE6E+14Mv+Tlg1LJO+aJjoMm+FH/mk1iF SroC31gEPy9oddewMEYTtpYhFVmoFD6sTiccB1OZnRNCugwtCkAMGRcyudezMGlb z4CZFfVukhvJ2eRzUAgQIWxy0/f4c/JiQQIDAQABo4ICyTCCAsUwDAYDVR0TAQH/ BAIwADApBgNVHSUEIjAgBggrBgEFBQcDAQYIKwYBBQUHAwIGCmCGSAGG+E0BAgMw DgYDVR0PAQH/BAQDAgWgMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ29k YWRkeS5jb20vZ2RpZzJzMi0xMy5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcX AjA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29t L3JlcG9zaXRvcnkvMAgGBmeBDAECAjB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUH MAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDov L2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAf BgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAjBgNVHREEHDAaggwqLnph YmJpeC5jb22CCnphYmJpeC5jb20wHQYDVR0OBBYEFLhlMUsAIshF6+Uu3I7Fuxcv 6RjXMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYApLkJkLQYWBSHuxOizGdwCjw1 mAT5G9+443fNDsgN3BAAAAFqfjNrEgAABAMARzBFAiBCPjY8b3xzBtPGP/UUg0TQ a3XMEvQwtw8PseELz0lfXAIhALpZlOkyiUtk5qxkFKkIir9AKdXRo7gWvgy8I+0E iMMJAHYAXqdz+d9WwOe1Nkh90EngMnqRmgyEoRIShBh1loFxRVgAAAFqfjNt/QAA BAMARzBFAiAKoubQ3YycHo7jQRvCXilgWvuEPCOWS837XJ1X/saJ9wIhAK/sdMuo J8lm0/XcDo763U30lVYrfNPmHfFxvoUgfuSAMA0GCSqGSIb3DQEBCwUAA4IBAQAT UFALcRZavUC1lkKAiDfQ8D1PgYG8KKLmMIvjUUaQjk2paNGeR+5U6nxfuZMcesmf JzClN77VIjwvP1P+VZBajbKazHKBPNN6D6zZuQdYJ+ul1u41OTrPRyKSu59jJ9YN ibvF+94yqCDNLYTZl9QCHH1JXhsXLxEquFxWuISdErM4qWkPx7puCeJJkoPzhcGM gyNhCNzbAem7BRIBA7du4PAJZ0dUPXB1lq/JgSHjIXAWhdSOTakGK1L8trpYATMi 0WLqpG5vLDsQJnfCSXAYzH2MeSZ2gtaSlXbY48xigYJ6pho8twGftP791MjhmNXQ BXoxv9p501NUzdouSE6M -----END CERTIFICATE----- [...]
I see 3 options here:
- Upgrade to Ubuntu 16.04 or newer.
- Recompile apt-transport-https with OpenSSL-flavoured libcurl, instead of GnuTLS-flavoured
# apt-cache depends apt-transport-https | grep curl Depends: libcurl3-gnutls # dpkg -l '*curl*' | grep ^ii ii libcurl3:amd64 7.35.0-1ubuntu2.20 amd64 easy-to-use client-side URL transfer library (OpenSSL flavour) ii libcurl3-gnutls:amd64 7.35.0-1ubuntu2.20 amd64 easy-to-use client-side URL transfer library (GnuTLS flavour)
- Edit /etc/apt/sources.list.d/zabbix.list and change "https" to "http" (we have just disabled http -> https redirection for this case)
No need to recompile, libcurl3-openssl is a drop-in replacement for libcurl3-gnutls.
cyclone, it will not work because in Ubuntu 14.04 apt-transport-https depends directly on libcurl3-gnutls. In 14.04 the OpenSSL-flavoured libcurl package is named libcurl3, and if you install it aside the libcurl3-gnutls the apt will use the latter one.
We recently added http -> https redirection on web server for repo.zabbix.com and now users that used HTTP to get our packages from Ubuntu 14.04 started to suffer from this. We removed the redirection temporarily and now the workaround is to switch to HTTP.
You clearly know your stuff better, dimir! 
For you to know, there is a similar issue with Zabbix Git repository.
Thank you, cyclone! Didn't know about that. Will try to discuss this internally with our git guys, please ping me if you don't see the response for some time.
Possibly not directly related, but pull requests cannot be viewed.