From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ricardo Wurmus <rekado@elephly.net>
Subject: bug#28948: feh does encounter certificate errors with valid
	certificates
Date: Mon, 30 Oct 2017 09:02:33 +0100
Message-ID: <87fua1kqqu.fsf@elephly.net>
References: <20171022203339.qomgp4xm2rqh4zwe@abyayala>
	<87r2tl4iuz.fsf@fastmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:49523)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e95lo-0007vI-0C
	for bug-guix@gnu.org; Mon, 30 Oct 2017 04:50:09 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e95lj-0007cS-1d
	for bug-guix@gnu.org; Mon, 30 Oct 2017 04:50:07 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:60863)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1e95li-0007cK-RH
	for bug-guix@gnu.org; Mon, 30 Oct 2017 04:50:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e95li-0003rG-GN
	for bug-guix@gnu.org; Mon, 30 Oct 2017 04:50:02 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.28948.B28948.150935335014765@debbugs.gnu.org>
In-reply-to: <87r2tl4iuz.fsf@fastmail.com>
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: Marius Bakke <mbakke@fastmail.com>
Cc: 28948@debbugs.gnu.org


Marius Bakke <mbakke@fastmail.com> writes:

> ng0 <ng0@infotropique.org> writes:
>
>> feh https://i.imgur.com/263enxT.jpg
>> feh opens image
>>
>> Problem:
>> user@abyayala ~/src/guix/guix$ feh https://i.imgur.com/263enxT.jpg
>> feh WARNING: open url: server certificate verification failed. CAfile: n=
one CRLfile: none
>> feh WARNING: https://i.imgur.com/263enxT.jpg - File does not exist
>> feh: No loadable images specified.
>> See 'man feh' for detailed usage information
>>
>> nss etc are in my profile, no problem with other curl based applications=
.
>
> The attached patch should fix the problem.  Can you try it?

We=E2=80=99ve done something similar in r-curl IIRC.  I wonder if we should=
 just
patch libcurl, so that all users of libcurl would benefit from this change.

> +diff --git a/src/imlib.c b/src/imlib.c
> +index dfb79aa..82a9865 100644
> +--- a/src/imlib.c
> ++++ b/src/imlib.c
> +@@ -429,6 +429,10 @@ static char *feh_http_load_image(char *url)
> + =09=09=09if (opt.insecure_ssl) {
> + =09=09=09=09curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
> + =09=09=09=09curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
> ++=09=09=09} else {
> ++=09=09=09=09// Allow the user to specify custom CA certificates.
> ++=09=09=09=09curl_easy_setopt(curl, CURLOPT_CAINFO,
> ++=09=09=09=09=09=09getenv("CURL_CA_BUNDLE"));
> + =09=09=09}

Is it safe to pass the empty string to curl_easy_setopt, in case
CURL_CA_BUNDLE is unset?  Do we need to check the value first or can we
pass it without checking?

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net