From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ricardo Wurmus Subject: bug#28948: feh does encounter certificate errors with valid certificates Date: Sun, 29 Oct 2017 22:35:39 +0100 Message-ID: <87k1zdljro.fsf@elephly.net> References: <20171022203339.qomgp4xm2rqh4zwe@abyayala> <871slm5eby.fsf@fastmail.com> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:40232) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e8vGT-0006G5-Sj for bug-guix@gnu.org; Sun, 29 Oct 2017 17:37:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e8vGQ-0002z5-P6 for bug-guix@gnu.org; Sun, 29 Oct 2017 17:37:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:60581) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1e8vGQ-0002yw-IZ for bug-guix@gnu.org; Sun, 29 Oct 2017 17:37:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1e8vGQ-0007P8-C7 for bug-guix@gnu.org; Sun, 29 Oct 2017 17:37:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-reply-to: <871slm5eby.fsf@fastmail.com> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Marius Bakke Cc: 28948@debbugs.gnu.org Marius Bakke writes: > ng0 writes: > >> feh https://i.imgur.com/263enxT.jpg >> feh opens image >> >> Problem: >> user@abyayala ~/src/guix/guix$ feh https://i.imgur.com/263enxT.jpg >> feh WARNING: open url: server certificate verification failed. CAfile: none CRLfile: none >> feh WARNING: https://i.imgur.com/263enxT.jpg - File does not exist >> feh: No loadable images specified. >> See 'man feh' for detailed usage information > > This is the same issue with libcurl as has been discussed many times in > the past. Since it won't be fixed upstream any time soon (support for > CURL_CA_BUNDLE has been removed also for Windows), I suggest we "bite > the bullet" this time and add a hard-coded default. This would mean that individual users no longer have control over what certificate authorities they want to trust. Does anything speak against patching in support for the CURL_CA_BUNDLE environment variable? -- Ricardo GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC https://elephly.net