From mboxrd@z Thu Jan  1 00:00:00 1970
From: ng0 <ng0@infotropique.org>
Subject: bug#28948: feh does encounter certificate errors with valid
	certificates
Date: Mon, 30 Oct 2017 14:06:49 +0000
Message-ID: <20171030140649.dt6n2v6i7im4rrx4@abyayala>
References: <20171022203339.qomgp4xm2rqh4zwe@abyayala>
	<87r2tl4iuz.fsf@fastmail.com> <87fua1kqqu.fsf@elephly.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="jp5foy7lsfm67zzx"
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:34951)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e9AjY-00004r-Ah
	for bug-guix@gnu.org; Mon, 30 Oct 2017 10:08:14 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e9AjS-00067R-Jo
	for bug-guix@gnu.org; Mon, 30 Oct 2017 10:08:08 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:33600)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1e9AjS-00067N-Eh
	for bug-guix@gnu.org; Mon, 30 Oct 2017 10:08:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e9AjS-0000RB-3G
	for bug-guix@gnu.org; Mon, 30 Oct 2017 10:08:02 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.28948.B28948.15093724521644@debbugs.gnu.org>
Content-Disposition: inline
In-Reply-To: <87fua1kqqu.fsf@elephly.net>
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: Ricardo Wurmus <rekado@elephly.net>
Cc: 28948@debbugs.gnu.org


--jp5foy7lsfm67zzx
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Ricardo Wurmus transcribed 1.6K bytes:
>=20
> Marius Bakke <mbakke@fastmail.com> writes:
>=20
> > ng0 <ng0@infotropique.org> writes:
> >
> >> feh https://i.imgur.com/263enxT.jpg
> >> feh opens image
> >>
> >> Problem:
> >> user@abyayala ~/src/guix/guix$ feh https://i.imgur.com/263enxT.jpg
> >> feh WARNING: open url: server certificate verification failed. CAfile:=
 none CRLfile: none
> >> feh WARNING: https://i.imgur.com/263enxT.jpg - File does not exist
> >> feh: No loadable images specified.
> >> See 'man feh' for detailed usage information
> >>
> >> nss etc are in my profile, no problem with other curl based applicatio=
ns.
> >
> > The attached patch should fix the problem.  Can you try it?

Thanks! I'll test it in the next couple of days.

> We=E2=80=99ve done something similar in r-curl IIRC.  I wonder if we shou=
ld just
> patch libcurl, so that all users of libcurl would benefit from this chang=
e.

In my opinion that would be preferable.

> > +diff --git a/src/imlib.c b/src/imlib.c
> > +index dfb79aa..82a9865 100644
> > +--- a/src/imlib.c
> > ++++ b/src/imlib.c
> > +@@ -429,6 +429,10 @@ static char *feh_http_load_image(char *url)
> > + 			if (opt.insecure_ssl) {
> > + 				curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
> > + 				curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
> > ++			} else {
> > ++				// Allow the user to specify custom CA certificates.
> > ++				curl_easy_setopt(curl, CURLOPT_CAINFO,
> > ++						getenv("CURL_CA_BUNDLE"));
> > + 			}
>=20
> Is it safe to pass the empty string to curl_easy_setopt, in case
> CURL_CA_BUNDLE is unset?  Do we need to check the value first or can we
> pass it without checking?
>=20
> --
> Ricardo
>=20
> GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
> https://elephly.net
>=20
>=20
>=20

--=20
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://dist.ng0.infotropique.org/dist/keys/
https://www.infotropique.org https://ng0.infotropique.org

--jp5foy7lsfm67zzx
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAln3MfkACgkQ4i+bv+40
hYgvRA//QS+PfLhSgJVuCBG1xpk7I1I4sYpoIevKK7hVVxU959oBkdpNFGqCSy8M
xmjzQ7SZdF8g5eB7XN22KuzTW9YaDZWMu5L8i6rh7l0wg1kNyDuEsDu2+ETjNEpH
feXM2xpsYK8l3MQhFIq4MCHG8yl4PxzKbdf16XjXica9SYZK0qY0zeeC8Zxp0Ogq
joB1VRf3tQw1XyWp/4zdIVCP5hC9BkE3Gf57AwkR31l2WqR8VmCnnWOPcIcUs2MK
WDZkKxpJRkqH3+1EG5EsX/vKyREPnAUWDYUc/n0wFOrth4IjpeaaaExJBiKoxkBx
jSInt4Q4ERKvCxloCEKV79rmZ1fTbUP7LhJnJ214B2oRkiiVkZMbBxrozUSuyHh4
TzWRQIWoiDeERhR9peXqAO6Z60VBWL8Vm2v9yfQCfNFP3TeWhG8dyrNUzqt/+6UB
pR12EbbooHDBHyrykj6NZnmP2CFYxfnM22Shq+MxvYTfiSKVAC9F/S7fvQz56/Po
l+HQj+tW8xK+vOpu1sgoPi+8k2i8u+HVsK/rKU/sW82811cW76Rq/9d7G96QxKCq
VWJjenqA3fPFNUJ0Yh6iLDFrZ4EaTjczEM7STV4fWO3or7kGQww5HYB2fptl+zvR
WuhOcv6LVR17/mY5igOdqQdOJ0ONSzQIztIt7KrvEq10ieEl9L8=
=tKTL
-----END PGP SIGNATURE-----

--jp5foy7lsfm67zzx--