bug#61557: vdirsyncer fails to verify certificates - Ethan Blanton via Bug reports for GNU Guix

all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

From: Ethan Blanton via Bug reports for GNU Guix <bug-guix@gnu.org>
To: 61557@debbugs.gnu.org
Subject: bug#61557: vdirsyncer fails to verify certificates
Date: Sun, 26 Mar 2023 18:05:25 -0400	[thread overview]
Message-ID: <ZCDBpX9L2+FHO3qK@colt.lan> (raw)
In-Reply-To: <Y+6SIw5S64Rodiyi@colt.lan>

(Pardon the delay, for some reason I do not get email notifications
for this bug.)

I had read the X.509 Certificates section of the manual, but since my
certificates ARE in the default location of /etc/ssl/certs, and
vdirsyncer had previously worked, for some reason I did not dig into
it deeply enough, or perhaps I attempted to set it up wrongly at some
point in the past.

Setting SSL_CERT_DIR=/etc/ssl/certs in my environment fixes the
vdirsyncer package, and it syncs correctly.

I have also discovered that python aiohttp will correctly verify
certificates WITHOUT this environment variable with:

guix shell -P -C -N python python-aiohttp nss-certs openssl

Leaving out EITHER nss-certs OR openssl causes aiohttp to exhibit the
same behavior as vdirsyncer.

However, including both of these packages in the same (foreign distro)
profile that includes vdirsyncer does NOT cause vdirsyncer to
correctly verify certificates.

I am not sure what this means for this bug; certainly the change from
"working without extra configuration" to "broken without extra
configuration" is a regression in user experience, but it may be that
it is working as intended.  It seems to me that the principle of least
astonishment for foreign distro users would suggest that python
aiohttp defaults to loading /etc/ssl/certs from the foreign distro, if
present.

next prev parent reply	other threads:[~2023-03-26 22:06 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <Y+6SIw5S64Rodiyi@colt.lan>
2023-02-25  2:44 ` bug#61557: vdirsyncer fails to verify certificates Tobias Geerinckx-Rice via Bug reports for GNU Guix
     [not found] ` <Y/ly3+gvZbQuM7Wc@colt.lan>
2023-02-25  8:58   ` bug#61557: bug database indexing problem for bug #61557 Michael Albinus
2023-02-25 21:52 ` bug#61557: vdirsyncer fails to verify certificates Leo Famulari
2023-03-26 22:05 ` Ethan Blanton via Bug reports for GNU Guix [this message]
2023-03-27 12:50   ` Giovanni Biscuolo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZCDBpX9L2+FHO3qK@colt.lan \
    --to=bug-guix@gnu.org \
    --cc=61557@debbugs.gnu.org \
    --cc=elb@kb8ojh.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.