Re: rust:cargo (libcurl) vs. CURL_CA

help-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: rust:cargo (libcurl) vs. CURL_CA_BUNDLE

From:	David Loyall
Subject:	Re: rust:cargo (libcurl) vs. CURL_CA_BUNDLE
Date:	Tue, 3 Sep 2019 19:16:48 -0500

> This was discussed recently on IRC:
>   http://logs.guix.gnu.org/guix/2019-08-29.log#102010
> Unfortunately we didn’t reach a conclusion.

Ok, thank you.  Unfortunately that user's pastebins expired so I was
not able to compare with my own `ltrace` output.

> The ‘ltrace -e getenv’ trick I gave might give us
> clues about relevant environment variables.

Ok, let's see:

    sebboh@geeks ~$ ltrace -e getenv cargo -vv install rustfmt-nightly
    libcrypto.so.1.0.0->getenv("SSL_CERT_FILE")
                                                        =
"/home/sebboh/.guix-profile/etc/s"...
    libcrypto.so.1.0.0->getenv("SSL_CERT_DIR")
                                                        =
"/home/sebboh/.guix-profile/etc/s"...
        Updating crates.io index
    libcurl.so.4->getenv("no_proxy")
                                                        = nil
    libcurl.so.4->getenv("NO_PROXY")
                                                        = nil
    libcurl.so.4->getenv("https_proxy")
                                                        = nil
    libcurl.so.4->getenv("HTTPS_PROXY")
                                                        = nil
    libcurl.so.4->getenv("all_proxy")
                                                        = nil
    libcurl.so.4->getenv("ALL_PROXY")
                                                        = nil
    libcurl.so.4->getenv("no_proxy")
                                                        = nil
    libcurl.so.4->getenv("NO_PROXY")
                                                        = nil
    libcurl.so.4->getenv("http_proxy")
                                                        = nil
    libcurl.so.4->getenv("all_proxy")
                                                        = nil
    libcurl.so.4->getenv("ALL_PROXY")
                                                        = nil
    libcrypto.so.1.0.0->getenv("OPENSSL_ALLOW_PROXY_CERTS")
                                                        = nil
    libcurl.so.4->getenv("no_proxy")
                                                        = nil
    libcurl.so.4->getenv("NO_PROXY")
                                                        = nil
    libcurl.so.4->getenv("http_proxy")
                                                        = nil
    libcurl.so.4->getenv("all_proxy")
                                                        = nil
    libcurl.so.4->getenv("ALL_PROXY")
                                                        = nil
    libcrypto.so.1.0.0->getenv("OPENSSL_ALLOW_PROXY_CERTS")
                                                        = nil
    libcurl.so.4->getenv("no_proxy")
                                                        = nil
    libcurl.so.4->getenv("NO_PROXY")
                                                        = nil
    libcurl.so.4->getenv("http_proxy")
                                                        = nil
    libcurl.so.4->getenv("all_proxy")
                                                        = nil
    libcurl.so.4->getenv("ALL_PROXY")
                                                        = nil
    libcrypto.so.1.0.0->getenv("OPENSSL_ALLOW_PROXY_CERTS")
                                                        = nil
    libcurl.so.4->getenv("no_proxy")
                                                        = nil
    libcurl.so.4->getenv("NO_PROXY")
                                                        = nil
    libcurl.so.4->getenv("https_proxy")
                                                        = nil
    libcurl.so.4->getenv("HTTPS_PROXY")
                                                        = nil
    libcurl.so.4->getenv("all_proxy")
                                                        = nil
    libcurl.so.4->getenv("ALL_PROXY")
                                                        = nil
    error: failed to download from
`https://crates.io/api/v1/crates/rustfmt-nightly/1.4.6/download`

    Caused by:
      [60] SSL peer certificate or SSH remote key was not OK (server
certificate verification failed. CAfile: none CRLfile: none)
    +++ exited (status 101) +++

I investigated this `OPENSSL_ALLOW_PROXY_CERTS` variable and I
concluded that I am not using any such cert--I believe in this case
libcurl checks an environment variable but would not act on the
result?  Anyway, I don't use a proxy.  (I just confirmed crates.io is
not on the blacklist at work.)

Well, I'm not sure what to check next.  I can tell you that the values
of SSL_CERT_FILE and SSL_CERT_DIR seem to be correct (even though the
ltrace output truncates them).

Cheers, thanks,
--sebboh

[Prev in Thread]

Current Thread

[Next in Thread]

Re: rust:cargo (libcurl) vs. CURL_CA_BUNDLE, Ludovic Courtès, 2019/09/01
- Re: rust:cargo (libcurl) vs. CURL_CA_BUNDLE, David Loyall <=
  - Re: rust:cargo (libcurl) vs. CURL_CA_BUNDLE, Robin Heinemann, 2019/09/24

Prev by Date: Report on environment variable issues
Next by Date: Re: adding environment variables to /etc/config.scm
Previous by thread: Re: rust:cargo (libcurl) vs. CURL_CA_BUNDLE
Next by thread: Re: rust:cargo (libcurl) vs. CURL_CA_BUNDLE
Index(es):
- Date
- Thread