From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=)
Subject: bug#25240: weechat-1.6: curl error 60
Date: Wed, 25 Jan 2017 12:10:01 +0100
Message-ID: <87o9yv1jli.fsf@gnu.org>
References: <CAD4UWki6-7LWxP7tZruwi_ub6rew7uN0kss39-tUJrKyfsasSg@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:53221)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1cWLTl-00025p-Ud
	for bug-guix@gnu.org; Wed, 25 Jan 2017 06:11:11 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1cWLTh-0007Bg-VS
	for bug-guix@gnu.org; Wed, 25 Jan 2017 06:11:05 -0500
Received: from debbugs.gnu.org ([208.118.235.43]:43412)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1cWLTh-0007Bc-RU
	for bug-guix@gnu.org; Wed, 25 Jan 2017 06:11:01 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1cWLTh-0002SD-MC
	for bug-guix@gnu.org; Wed, 25 Jan 2017 06:11:01 -0500
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.25240.B25240.14853426149367@debbugs.gnu.org>
In-Reply-To: <CAD4UWki6-7LWxP7tZruwi_ub6rew7uN0kss39-tUJrKyfsasSg@mail.gmail.com>
	(Hank Donnay's message of "Tue, 20 Dec 2016 17:08:32 -0500")
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: Hank Donnay <hdonnay@gmail.com>
Cc: 25240@debbugs.gnu.org

Hello,

Hank Donnay <hdonnay@gmail.com> skribis:

> Weechat seems to be unable to do HTTPS, and fails with "curl error 60".
> Setting SSL_CERT_{DIR,FILE} doesn't make a difference. The actual error i=
s:
>
>     script: error downloading list of scripts: curl error 60 (server
> certificate verification failed. CAfile: none CRLfile: none) (URL: "
> https://weechat.org/files/plugins.xml.gz")
>
> I have nss-certs installed, and the files pointed to
> ($GUIX_PROFILE/etc/ssl/certs and
> $GUIX_PROFILE/etc/ssl/certs/ca-certificates.crt) both exist.
>
> Any pointers on where to look to fix this would be appreciated.

Weechat uses libcurl, which uses GnuTLS and does not honor
=E2=80=98SSL_CERT_DIR=E2=80=99, =E2=80=98SSL_CERT_FILE=E2=80=99, and =E2=80=
=98CURL_CA_BUNDLE=E2=80=99.

Instead, GnuTLS defaults to looking for certificates in /etc/ssl/certs,
and it is up to the application to search for certificates in additional
places.

This has been discussed at
<https://lists.gnu.org/archive/html/guix-devel/2017-01/msg00516.html>
but there=E2=80=99s no good solution yet.

Thanks,
Ludo=E2=80=99.