From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Loyall Subject: Re: rust:cargo (libcurl) vs. CURL_CA_BUNDLE Date: Tue, 3 Sep 2019 19:16:48 -0500 Message-ID: References: <87lfv8b7vl.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:55166) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i5Iyu-0003ac-9Z for help-guix@gnu.org; Tue, 03 Sep 2019 20:17:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i5Iyt-0007iW-1G for help-guix@gnu.org; Tue, 03 Sep 2019 20:17:04 -0400 Received: from mail-lj1-x22c.google.com ([2a00:1450:4864:20::22c]:40278) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1i5Iys-0007hV-I6 for help-guix@gnu.org; Tue, 03 Sep 2019 20:17:02 -0400 Received: by mail-lj1-x22c.google.com with SMTP id 7so8313709ljw.7 for ; Tue, 03 Sep 2019 17:17:01 -0700 (PDT) In-Reply-To: <87lfv8b7vl.fsf@gnu.org> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org Sender: "Help-Guix" To: =?UTF-8?Q?Ludovic_Court=C3=A8s?= Cc: help-guix@gnu.org > This was discussed recently on IRC: > http://logs.guix.gnu.org/guix/2019-08-29.log#102010 > Unfortunately we didn=E2=80=99t reach a conclusion. Ok, thank you. Unfortunately that user's pastebins expired so I was not able to compare with my own `ltrace` output. > The =E2=80=98ltrace -e getenv=E2=80=99 trick I gave might give us > clues about relevant environment variables. Ok, let's see: sebboh@geeks ~$ ltrace -e getenv cargo -vv install rustfmt-nightly libcrypto.so.1.0.0->getenv("SSL_CERT_FILE") =3D "/home/sebboh/.guix-profile/etc/s"... libcrypto.so.1.0.0->getenv("SSL_CERT_DIR") =3D "/home/sebboh/.guix-profile/etc/s"... Updating crates.io index libcurl.so.4->getenv("no_proxy") =3D nil libcurl.so.4->getenv("NO_PROXY") =3D nil libcurl.so.4->getenv("https_proxy") =3D nil libcurl.so.4->getenv("HTTPS_PROXY") =3D nil libcurl.so.4->getenv("all_proxy") =3D nil libcurl.so.4->getenv("ALL_PROXY") =3D nil libcurl.so.4->getenv("no_proxy") =3D nil libcurl.so.4->getenv("NO_PROXY") =3D nil libcurl.so.4->getenv("http_proxy") =3D nil libcurl.so.4->getenv("all_proxy") =3D nil libcurl.so.4->getenv("ALL_PROXY") =3D nil libcrypto.so.1.0.0->getenv("OPENSSL_ALLOW_PROXY_CERTS") =3D nil libcurl.so.4->getenv("no_proxy") =3D nil libcurl.so.4->getenv("NO_PROXY") =3D nil libcurl.so.4->getenv("http_proxy") =3D nil libcurl.so.4->getenv("all_proxy") =3D nil libcurl.so.4->getenv("ALL_PROXY") =3D nil libcrypto.so.1.0.0->getenv("OPENSSL_ALLOW_PROXY_CERTS") =3D nil libcurl.so.4->getenv("no_proxy") =3D nil libcurl.so.4->getenv("NO_PROXY") =3D nil libcurl.so.4->getenv("http_proxy") =3D nil libcurl.so.4->getenv("all_proxy") =3D nil libcurl.so.4->getenv("ALL_PROXY") =3D nil libcrypto.so.1.0.0->getenv("OPENSSL_ALLOW_PROXY_CERTS") =3D nil libcurl.so.4->getenv("no_proxy") =3D nil libcurl.so.4->getenv("NO_PROXY") =3D nil libcurl.so.4->getenv("https_proxy") =3D nil libcurl.so.4->getenv("HTTPS_PROXY") =3D nil libcurl.so.4->getenv("all_proxy") =3D nil libcurl.so.4->getenv("ALL_PROXY") =3D nil error: failed to download from `https://crates.io/api/v1/crates/rustfmt-nightly/1.4.6/download` Caused by: [60] SSL peer certificate or SSH remote key was not OK (server certificate verification failed. CAfile: none CRLfile: none) +++ exited (status 101) +++ I investigated this `OPENSSL_ALLOW_PROXY_CERTS` variable and I concluded that I am not using any such cert--I believe in this case libcurl checks an environment variable but would not act on the result? Anyway, I don't use a proxy. (I just confirmed crates.io is not on the blacklist at work.) Well, I'm not sure what to check next. I can tell you that the values of SSL_CERT_FILE and SSL_CERT_DIR seem to be correct (even though the ltrace output truncates them). Cheers, thanks, --sebboh