[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
rust:cargo (libcurl) vs. CURL_CA_BUNDLE
From: |
David Loyall |
Subject: |
rust:cargo (libcurl) vs. CURL_CA_BUNDLE |
Date: |
Thu, 15 Aug 2019 18:14:41 -0500 |
Hello.
I think the way `cargo` uses `libcurl` is preventing it from looking
in the `CURL_CA_BUNDLE` environment variable to find where the
certificate authority file is.
Here we see what `cargo` I am using:
sebboh@geeks ~/projects$ cargo -V
cargo 1.36.0
Here we see the contents of one of my environment variables:
sebboh@geeks ~/projects$ echo $CURL_CA_BUNDLE
/home/sebboh/.guix-profile/etc/ssl/certs/ca-certificates.crt
Here we try to use `cargo` for a common task:
sebboh@geeks ~/projects$ cargo install rustfmt-nightly
Updating crates.io index
error: failed to download from
`https://crates.io/api/v1/crates/rustfmt-nightly/1.4.5/download`
Caused by:
[60] SSL peer certificate or SSH remote key was not OK (server
certificate verification failed. CAfile: none CRLfile: none)
Here we see that `curl` itself (from `guix install curl`) works fine
(some lines omitted for brevity).
sebboh@geeks ~/projects$ curl -v
https://crates.io/api/v1/crates/pkg-config/0.0.1/download
* Trying 34.202.125.55:443...
* TCP_NODELAY set
* Connected to crates.io (34.202.125.55) port 443 (#0)
* found 153 certificates in
/home/sebboh/.guix-profile/etc/ssl/certs/ca-certificates.crt
[...]
< HTTP/1.1 302 Found
[...]
* Connection #0 to host crates.io left intact
Now what? :)
Please note that I freshly installed `rust:cargo` and did not modify
anything, so maybe our guix package should be updated so it works out
of box. (Granted I think the TOFU principle for CA certs might be
better but, I guess that is not the topic today.)
Thanks, cheers,
--sebboh
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- rust:cargo (libcurl) vs. CURL_CA_BUNDLE,
David Loyall <=