From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Subject: bug#25240: weechat-1.6: curl error 60 Date: Wed, 25 Jan 2017 12:10:01 +0100 Message-ID: <87o9yv1jli.fsf@gnu.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:53221) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cWLTl-00025p-Ud for bug-guix@gnu.org; Wed, 25 Jan 2017 06:11:11 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cWLTh-0007Bg-VS for bug-guix@gnu.org; Wed, 25 Jan 2017 06:11:05 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:43412) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1cWLTh-0007Bc-RU for bug-guix@gnu.org; Wed, 25 Jan 2017 06:11:01 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1cWLTh-0002SD-MC for bug-guix@gnu.org; Wed, 25 Jan 2017 06:11:01 -0500 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: (Hank Donnay's message of "Tue, 20 Dec 2016 17:08:32 -0500") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Hank Donnay Cc: 25240@debbugs.gnu.org Hello, Hank Donnay skribis: > Weechat seems to be unable to do HTTPS, and fails with "curl error 60". > Setting SSL_CERT_{DIR,FILE} doesn't make a difference. The actual error i= s: > > script: error downloading list of scripts: curl error 60 (server > certificate verification failed. CAfile: none CRLfile: none) (URL: " > https://weechat.org/files/plugins.xml.gz") > > I have nss-certs installed, and the files pointed to > ($GUIX_PROFILE/etc/ssl/certs and > $GUIX_PROFILE/etc/ssl/certs/ca-certificates.crt) both exist. > > Any pointers on where to look to fix this would be appreciated. Weechat uses libcurl, which uses GnuTLS and does not honor =E2=80=98SSL_CERT_DIR=E2=80=99, =E2=80=98SSL_CERT_FILE=E2=80=99, and =E2=80= =98CURL_CA_BUNDLE=E2=80=99. Instead, GnuTLS defaults to looking for certificates in /etc/ssl/certs, and it is up to the application to search for certificates in additional places. This has been discussed at but there=E2=80=99s no good solution yet. Thanks, Ludo=E2=80=99.