From mboxrd@z Thu Jan  1 00:00:00 1970
From: Robin Heinemann <robin.ole.heinemann@gmail.com>
Subject: Re: rust:cargo (libcurl) vs. CURL_CA_BUNDLE
Date: Wed, 25 Sep 2019 00:22:13 +0200
Message-ID: <87ftklz65m.fsf@transistor.i-did-not-set--mail-host-address--so-tickle-me>
References: <CA+4fW6mbsLbzrUwVTunce3bHObbs8sVk3Zzrw3u_kKD9KHoQEQ@mail.gmail.com>
 <87lfv8b7vl.fsf@gnu.org>
 <CA+4fW6mVX0hte+4SjDbgBNrr=uxW7G+ECHO6dhOh43xZ2tsNDA@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:44600)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <robin.ole.heinemann@gmail.com>) id 1iCtiU-000706-EX
 for help-guix@gnu.org; Tue, 24 Sep 2019 18:55:31 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <robin.ole.heinemann@gmail.com>) id 1iCtiS-0005wp-Ut
 for help-guix@gnu.org; Tue, 24 Sep 2019 18:55:30 -0400
In-Reply-To: <CA+4fW6mVX0hte+4SjDbgBNrr=uxW7G+ECHO6dhOh43xZ2tsNDA@mail.gmail.com>
List-Id: <help-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-guix>,
 <mailto:help-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/help-guix>
List-Post: <mailto:help-guix@gnu.org>
List-Help: <mailto:help-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-guix>,
 <mailto:help-guix-request@gnu.org?subject=subscribe>
Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org
Sender: "Help-Guix" <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
To: David Loyall <david@the-good-guys.net>, Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: help-guix@gnu.org

Hi,
following nix (https://github.com/NixOS/nixpkgs/blob/master/pkgs/developmen=
t/compilers/rust/cargo.nix)
the right environment variable seems to be CARGO_HTTP_CAINFO
setting that to $SSL_CERT_FILE makes cargo work for me.

Cheers,
Robin

David Loyall <david@the-good-guys.net> writes:

>> This was discussed recently on IRC:
>>   http://logs.guix.gnu.org/guix/2019-08-29.log#102010
>> Unfortunately we didn=E2=80=99t reach a conclusion.
>
> Ok, thank you.  Unfortunately that user's pastebins expired so I was
> not able to compare with my own `ltrace` output.
>
>> The =E2=80=98ltrace -e getenv=E2=80=99 trick I gave might give us
>> clues about relevant environment variables.
>
> Ok, let's see:
>
>     sebboh@geeks ~$ ltrace -e getenv cargo -vv install rustfmt-nightly
>     libcrypto.so.1.0.0->getenv("SSL_CERT_FILE")
>                                                         =3D
> "/home/sebboh/.guix-profile/etc/s"...
>     libcrypto.so.1.0.0->getenv("SSL_CERT_DIR")
>                                                         =3D
> "/home/sebboh/.guix-profile/etc/s"...
>         Updating crates.io index
>     libcurl.so.4->getenv("no_proxy")
>                                                         =3D nil
>     libcurl.so.4->getenv("NO_PROXY")
>                                                         =3D nil
>     libcurl.so.4->getenv("https_proxy")
>                                                         =3D nil
>     libcurl.so.4->getenv("HTTPS_PROXY")
>                                                         =3D nil
>     libcurl.so.4->getenv("all_proxy")
>                                                         =3D nil
>     libcurl.so.4->getenv("ALL_PROXY")
>                                                         =3D nil
>     libcurl.so.4->getenv("no_proxy")
>                                                         =3D nil
>     libcurl.so.4->getenv("NO_PROXY")
>                                                         =3D nil
>     libcurl.so.4->getenv("http_proxy")
>                                                         =3D nil
>     libcurl.so.4->getenv("all_proxy")
>                                                         =3D nil
>     libcurl.so.4->getenv("ALL_PROXY")
>                                                         =3D nil
>     libcrypto.so.1.0.0->getenv("OPENSSL_ALLOW_PROXY_CERTS")
>                                                         =3D nil
>     libcurl.so.4->getenv("no_proxy")
>                                                         =3D nil
>     libcurl.so.4->getenv("NO_PROXY")
>                                                         =3D nil
>     libcurl.so.4->getenv("http_proxy")
>                                                         =3D nil
>     libcurl.so.4->getenv("all_proxy")
>                                                         =3D nil
>     libcurl.so.4->getenv("ALL_PROXY")
>                                                         =3D nil
>     libcrypto.so.1.0.0->getenv("OPENSSL_ALLOW_PROXY_CERTS")
>                                                         =3D nil
>     libcurl.so.4->getenv("no_proxy")
>                                                         =3D nil
>     libcurl.so.4->getenv("NO_PROXY")
>                                                         =3D nil
>     libcurl.so.4->getenv("http_proxy")
>                                                         =3D nil
>     libcurl.so.4->getenv("all_proxy")
>                                                         =3D nil
>     libcurl.so.4->getenv("ALL_PROXY")
>                                                         =3D nil
>     libcrypto.so.1.0.0->getenv("OPENSSL_ALLOW_PROXY_CERTS")
>                                                         =3D nil
>     libcurl.so.4->getenv("no_proxy")
>                                                         =3D nil
>     libcurl.so.4->getenv("NO_PROXY")
>                                                         =3D nil
>     libcurl.so.4->getenv("https_proxy")
>                                                         =3D nil
>     libcurl.so.4->getenv("HTTPS_PROXY")
>                                                         =3D nil
>     libcurl.so.4->getenv("all_proxy")
>                                                         =3D nil
>     libcurl.so.4->getenv("ALL_PROXY")
>                                                         =3D nil
>     error: failed to download from
> `https://crates.io/api/v1/crates/rustfmt-nightly/1.4.6/download`
>
>     Caused by:
>       [60] SSL peer certificate or SSH remote key was not OK (server
> certificate verification failed. CAfile: none CRLfile: none)
>     +++ exited (status 101) +++
>
> I investigated this `OPENSSL_ALLOW_PROXY_CERTS` variable and I
> concluded that I am not using any such cert--I believe in this case
> libcurl checks an environment variable but would not act on the
> result?  Anyway, I don't use a proxy.  (I just confirmed crates.io is
> not on the blacklist at work.)
>
> Well, I'm not sure what to check next.  I can tell you that the values
> of SSL_CERT_FILE and SSL_CERT_DIR seem to be correct (even though the
> ltrace output truncates them).
>
> Cheers, thanks,
> --sebboh