unofficial mirror of help-guix@gnu.org 
 help / color / mirror / Atom feed
From: Robin Heinemann <robin.ole.heinemann@gmail.com>
To: "David Loyall" <david@the-good-guys.net>,
	"Ludovic Courtès" <ludo@gnu.org>
Cc: help-guix@gnu.org
Subject: Re: rust:cargo (libcurl) vs. CURL_CA_BUNDLE
Date: Wed, 25 Sep 2019 00:22:13 +0200	[thread overview]
Message-ID: <87ftklz65m.fsf@transistor.i-did-not-set--mail-host-address--so-tickle-me> (raw)
In-Reply-To: <CA+4fW6mVX0hte+4SjDbgBNrr=uxW7G+ECHO6dhOh43xZ2tsNDA@mail.gmail.com>

Hi,
following nix (https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/compilers/rust/cargo.nix)
the right environment variable seems to be CARGO_HTTP_CAINFO
setting that to $SSL_CERT_FILE makes cargo work for me.

Cheers,
Robin

David Loyall <david@the-good-guys.net> writes:

>> This was discussed recently on IRC:
>>   http://logs.guix.gnu.org/guix/2019-08-29.log#102010
>> Unfortunately we didn’t reach a conclusion.
>
> Ok, thank you.  Unfortunately that user's pastebins expired so I was
> not able to compare with my own `ltrace` output.
>
>> The ‘ltrace -e getenv’ trick I gave might give us
>> clues about relevant environment variables.
>
> Ok, let's see:
>
>     sebboh@geeks ~$ ltrace -e getenv cargo -vv install rustfmt-nightly
>     libcrypto.so.1.0.0->getenv("SSL_CERT_FILE")
>                                                         =
> "/home/sebboh/.guix-profile/etc/s"...
>     libcrypto.so.1.0.0->getenv("SSL_CERT_DIR")
>                                                         =
> "/home/sebboh/.guix-profile/etc/s"...
>         Updating crates.io index
>     libcurl.so.4->getenv("no_proxy")
>                                                         = nil
>     libcurl.so.4->getenv("NO_PROXY")
>                                                         = nil
>     libcurl.so.4->getenv("https_proxy")
>                                                         = nil
>     libcurl.so.4->getenv("HTTPS_PROXY")
>                                                         = nil
>     libcurl.so.4->getenv("all_proxy")
>                                                         = nil
>     libcurl.so.4->getenv("ALL_PROXY")
>                                                         = nil
>     libcurl.so.4->getenv("no_proxy")
>                                                         = nil
>     libcurl.so.4->getenv("NO_PROXY")
>                                                         = nil
>     libcurl.so.4->getenv("http_proxy")
>                                                         = nil
>     libcurl.so.4->getenv("all_proxy")
>                                                         = nil
>     libcurl.so.4->getenv("ALL_PROXY")
>                                                         = nil
>     libcrypto.so.1.0.0->getenv("OPENSSL_ALLOW_PROXY_CERTS")
>                                                         = nil
>     libcurl.so.4->getenv("no_proxy")
>                                                         = nil
>     libcurl.so.4->getenv("NO_PROXY")
>                                                         = nil
>     libcurl.so.4->getenv("http_proxy")
>                                                         = nil
>     libcurl.so.4->getenv("all_proxy")
>                                                         = nil
>     libcurl.so.4->getenv("ALL_PROXY")
>                                                         = nil
>     libcrypto.so.1.0.0->getenv("OPENSSL_ALLOW_PROXY_CERTS")
>                                                         = nil
>     libcurl.so.4->getenv("no_proxy")
>                                                         = nil
>     libcurl.so.4->getenv("NO_PROXY")
>                                                         = nil
>     libcurl.so.4->getenv("http_proxy")
>                                                         = nil
>     libcurl.so.4->getenv("all_proxy")
>                                                         = nil
>     libcurl.so.4->getenv("ALL_PROXY")
>                                                         = nil
>     libcrypto.so.1.0.0->getenv("OPENSSL_ALLOW_PROXY_CERTS")
>                                                         = nil
>     libcurl.so.4->getenv("no_proxy")
>                                                         = nil
>     libcurl.so.4->getenv("NO_PROXY")
>                                                         = nil
>     libcurl.so.4->getenv("https_proxy")
>                                                         = nil
>     libcurl.so.4->getenv("HTTPS_PROXY")
>                                                         = nil
>     libcurl.so.4->getenv("all_proxy")
>                                                         = nil
>     libcurl.so.4->getenv("ALL_PROXY")
>                                                         = nil
>     error: failed to download from
> `https://crates.io/api/v1/crates/rustfmt-nightly/1.4.6/download`
>
>     Caused by:
>       [60] SSL peer certificate or SSH remote key was not OK (server
> certificate verification failed. CAfile: none CRLfile: none)
>     +++ exited (status 101) +++
>
> I investigated this `OPENSSL_ALLOW_PROXY_CERTS` variable and I
> concluded that I am not using any such cert--I believe in this case
> libcurl checks an environment variable but would not act on the
> result?  Anyway, I don't use a proxy.  (I just confirmed crates.io is
> not on the blacklist at work.)
>
> Well, I'm not sure what to check next.  I can tell you that the values
> of SSL_CERT_FILE and SSL_CERT_DIR seem to be correct (even though the
> ltrace output truncates them).
>
> Cheers, thanks,
> --sebboh

      reply	other threads:[~2019-09-24 22:55 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-15 23:14 rust:cargo (libcurl) vs. CURL_CA_BUNDLE David Loyall
2019-09-01 10:58 ` Ludovic Courtès
2019-09-04  0:16   ` David Loyall
2019-09-24 22:22     ` Robin Heinemann [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87ftklz65m.fsf@transistor.i-did-not-set--mail-host-address--so-tickle-me \
    --to=robin.ole.heinemann@gmail.com \
    --cc=david@the-good-guys.net \
    --cc=help-guix@gnu.org \
    --cc=ludo@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).