From mboxrd@z Thu Jan 1 00:00:00 1970 From: ng0 Subject: bug#28948: feh does encounter certificate errors with valid certificates Date: Mon, 30 Oct 2017 14:06:49 +0000 Message-ID: <20171030140649.dt6n2v6i7im4rrx4@abyayala> References: <20171022203339.qomgp4xm2rqh4zwe@abyayala> <87r2tl4iuz.fsf@fastmail.com> <87fua1kqqu.fsf@elephly.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="jp5foy7lsfm67zzx" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:34951) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e9AjY-00004r-Ah for bug-guix@gnu.org; Mon, 30 Oct 2017 10:08:14 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e9AjS-00067R-Jo for bug-guix@gnu.org; Mon, 30 Oct 2017 10:08:08 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:33600) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1e9AjS-00067N-Eh for bug-guix@gnu.org; Mon, 30 Oct 2017 10:08:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1e9AjS-0000RB-3G for bug-guix@gnu.org; Mon, 30 Oct 2017 10:08:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: Content-Disposition: inline In-Reply-To: <87fua1kqqu.fsf@elephly.net> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ricardo Wurmus Cc: 28948@debbugs.gnu.org --jp5foy7lsfm67zzx Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Ricardo Wurmus transcribed 1.6K bytes: >=20 > Marius Bakke writes: >=20 > > ng0 writes: > > > >> feh https://i.imgur.com/263enxT.jpg > >> feh opens image > >> > >> Problem: > >> user@abyayala ~/src/guix/guix$ feh https://i.imgur.com/263enxT.jpg > >> feh WARNING: open url: server certificate verification failed. CAfile:= none CRLfile: none > >> feh WARNING: https://i.imgur.com/263enxT.jpg - File does not exist > >> feh: No loadable images specified. > >> See 'man feh' for detailed usage information > >> > >> nss etc are in my profile, no problem with other curl based applicatio= ns. > > > > The attached patch should fix the problem. Can you try it? Thanks! I'll test it in the next couple of days. > We=E2=80=99ve done something similar in r-curl IIRC. I wonder if we shou= ld just > patch libcurl, so that all users of libcurl would benefit from this chang= e. In my opinion that would be preferable. > > +diff --git a/src/imlib.c b/src/imlib.c > > +index dfb79aa..82a9865 100644 > > +--- a/src/imlib.c > > ++++ b/src/imlib.c > > +@@ -429,6 +429,10 @@ static char *feh_http_load_image(char *url) > > + if (opt.insecure_ssl) { > > + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); > > + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0); > > ++ } else { > > ++ // Allow the user to specify custom CA certificates. > > ++ curl_easy_setopt(curl, CURLOPT_CAINFO, > > ++ getenv("CURL_CA_BUNDLE")); > > + } >=20 > Is it safe to pass the empty string to curl_easy_setopt, in case > CURL_CA_BUNDLE is unset? Do we need to check the value first or can we > pass it without checking? >=20 > -- > Ricardo >=20 > GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC > https://elephly.net >=20 >=20 >=20 --=20 ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://dist.ng0.infotropique.org/dist/keys/ https://www.infotropique.org https://ng0.infotropique.org --jp5foy7lsfm67zzx Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAln3MfkACgkQ4i+bv+40 hYgvRA//QS+PfLhSgJVuCBG1xpk7I1I4sYpoIevKK7hVVxU959oBkdpNFGqCSy8M xmjzQ7SZdF8g5eB7XN22KuzTW9YaDZWMu5L8i6rh7l0wg1kNyDuEsDu2+ETjNEpH feXM2xpsYK8l3MQhFIq4MCHG8yl4PxzKbdf16XjXica9SYZK0qY0zeeC8Zxp0Ogq joB1VRf3tQw1XyWp/4zdIVCP5hC9BkE3Gf57AwkR31l2WqR8VmCnnWOPcIcUs2MK WDZkKxpJRkqH3+1EG5EsX/vKyREPnAUWDYUc/n0wFOrth4IjpeaaaExJBiKoxkBx jSInt4Q4ERKvCxloCEKV79rmZ1fTbUP7LhJnJ214B2oRkiiVkZMbBxrozUSuyHh4 TzWRQIWoiDeERhR9peXqAO6Z60VBWL8Vm2v9yfQCfNFP3TeWhG8dyrNUzqt/+6UB pR12EbbooHDBHyrykj6NZnmP2CFYxfnM22Shq+MxvYTfiSKVAC9F/S7fvQz56/Po l+HQj+tW8xK+vOpu1sgoPi+8k2i8u+HVsK/rKU/sW82811cW76Rq/9d7G96QxKCq VWJjenqA3fPFNUJ0Yh6iLDFrZ4EaTjczEM7STV4fWO3or7kGQww5HYB2fptl+zvR WuhOcv6LVR17/mY5igOdqQdOJ0ONSzQIztIt7KrvEq10ieEl9L8= =tKTL -----END PGP SIGNATURE----- --jp5foy7lsfm67zzx--