GNU bug report logs -
#25240
libcurl does not honor SSL_CERT_DIR et al.
Previous Next
Reported by: Hank Donnay <hdonnay <at> gmail.com>
Date: Tue, 20 Dec 2016 22:36:01 UTC
Severity: normal
Done: Jakub Kądziołka <kuba <at> kadziolka.net>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 25240 in the body.
You can then email your comments to 25240 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org:
bug#25240; Package
guix.
(Tue, 20 Dec 2016 22:36:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Hank Donnay <hdonnay <at> gmail.com>:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org.
(Tue, 20 Dec 2016 22:36:01 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Weechat seems to be unable to do HTTPS, and fails with "curl error 60".
Setting SSL_CERT_{DIR,FILE} doesn't make a difference. The actual error is:
script: error downloading list of scripts: curl error 60 (server
certificate verification failed. CAfile: none CRLfile: none) (URL: "
https://weechat.org/files/plugins.xml.gz")
I have nss-certs installed, and the files pointed to
($GUIX_PROFILE/etc/ssl/certs and
$GUIX_PROFILE/etc/ssl/certs/ca-certificates.crt) both exist.
Any pointers on where to look to fix this would be appreciated.
[Message part 2 (text/html, inline)]
Information forwarded
to
bug-guix <at> gnu.org:
bug#25240; Package
guix.
(Wed, 25 Jan 2017 11:11:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 25240 <at> debbugs.gnu.org (full text, mbox):
Hello,
Hank Donnay <hdonnay <at> gmail.com> skribis:
> Weechat seems to be unable to do HTTPS, and fails with "curl error 60".
> Setting SSL_CERT_{DIR,FILE} doesn't make a difference. The actual error is:
>
> script: error downloading list of scripts: curl error 60 (server
> certificate verification failed. CAfile: none CRLfile: none) (URL: "
> https://weechat.org/files/plugins.xml.gz")
>
> I have nss-certs installed, and the files pointed to
> ($GUIX_PROFILE/etc/ssl/certs and
> $GUIX_PROFILE/etc/ssl/certs/ca-certificates.crt) both exist.
>
> Any pointers on where to look to fix this would be appreciated.
Weechat uses libcurl, which uses GnuTLS and does not honor
‘SSL_CERT_DIR’, ‘SSL_CERT_FILE’, and ‘CURL_CA_BUNDLE’.
Instead, GnuTLS defaults to looking for certificates in /etc/ssl/certs,
and it is up to the application to search for certificates in additional
places.
This has been discussed at
<https://lists.gnu.org/archive/html/guix-devel/2017-01/msg00516.html>
but there’s no good solution yet.
Thanks,
Ludo’.
Changed bug title to 'libcurl does not honor SSL_CERT_DIR et al.' from 'weechat-1.6: curl error 60'
Request was from
ludo <at> gnu.org (Ludovic Courtès)
to
control <at> debbugs.gnu.org.
(Wed, 25 Jan 2017 11:11:02 GMT)
Full text and
rfc822 format available.
Reply sent
to
Jakub Kądziołka <kuba <at> kadziolka.net>:
You have taken responsibility.
(Fri, 07 Feb 2020 19:10:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Hank Donnay <hdonnay <at> gmail.com>:
bug acknowledged by developer.
(Fri, 07 Feb 2020 19:10:01 GMT)
Full text and
rfc822 format available.
Message #15 received at 25240-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
A patch that fixes this landed on core-updates, see #38873. A follow-up
bug regarding some cleanup is #39415.
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Sat, 07 Mar 2020 12:24:05 GMT)
Full text and
rfc822 format available.
This bug report was last modified 4 years and 58 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.