From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Loyall <david@the-good-guys.net>
Subject: rust:cargo (libcurl) vs. CURL_CA_BUNDLE
Date: Thu, 15 Aug 2019 18:14:41 -0500
Message-ID: <CA+4fW6mbsLbzrUwVTunce3bHObbs8sVk3Zzrw3u_kKD9KHoQEQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Return-path: <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:42807)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <david.loyall@the-good-guys.net>) id 1hyOxL-0007cG-Sj
 for help-guix@gnu.org; Thu, 15 Aug 2019 19:14:56 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <david.loyall@the-good-guys.net>) id 1hyOxK-0005TY-FR
 for help-guix@gnu.org; Thu, 15 Aug 2019 19:14:55 -0400
Received: from mail-lf1-x141.google.com ([2a00:1450:4864:20::141]:37502)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <david.loyall@the-good-guys.net>)
 id 1hyOxK-0005T9-1i
 for help-guix@gnu.org; Thu, 15 Aug 2019 19:14:54 -0400
Received: by mail-lf1-x141.google.com with SMTP id c9so2778718lfh.4
 for <help-guix@gnu.org>; Thu, 15 Aug 2019 16:14:53 -0700 (PDT)
List-Id: <help-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-guix>,
 <mailto:help-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/help-guix>
List-Post: <mailto:help-guix@gnu.org>
List-Help: <mailto:help-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-guix>,
 <mailto:help-guix-request@gnu.org?subject=subscribe>
Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org
Sender: "Help-Guix" <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
To: help-guix@gnu.org

Hello.

I think the way `cargo` uses `libcurl` is preventing it from looking
in the `CURL_CA_BUNDLE` environment variable to find where the
certificate authority file is.

Here we see what `cargo` I am using:

    sebboh@geeks ~/projects$ cargo -V
    cargo 1.36.0

Here we see the contents of one of my environment variables:

    sebboh@geeks ~/projects$ echo $CURL_CA_BUNDLE
    /home/sebboh/.guix-profile/etc/ssl/certs/ca-certificates.crt

Here we try to use `cargo` for a common task:

    sebboh@geeks ~/projects$ cargo install rustfmt-nightly
        Updating crates.io index
    error: failed to download from
`https://crates.io/api/v1/crates/rustfmt-nightly/1.4.5/download`

    Caused by:
      [60] SSL peer certificate or SSH remote key was not OK (server
certificate verification failed. CAfile: none CRLfile: none)

Here we see that `curl` itself (from `guix install curl`) works fine
(some lines omitted for brevity).

    sebboh@geeks ~/projects$ curl -v
https://crates.io/api/v1/crates/pkg-config/0.0.1/download
    *   Trying 34.202.125.55:443...
    * TCP_NODELAY set
    * Connected to crates.io (34.202.125.55) port 443 (#0)
    * found 153 certificates in
/home/sebboh/.guix-profile/etc/ssl/certs/ca-certificates.crt
[...]
    < HTTP/1.1 302 Found
[...]
    * Connection #0 to host crates.io left intact

Now what? :)

Please note that I freshly installed `rust:cargo` and did not modify
anything, so maybe our guix package should be updated so it works out
of box.  (Granted I think the TOFU principle for CA certs might be
better but, I guess that is not the topic today.)

Thanks, cheers,
--sebboh