help-guix
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

rust:cargo (libcurl) vs. CURL_CA_BUNDLE


From: David Loyall
Subject: rust:cargo (libcurl) vs. CURL_CA_BUNDLE
Date: Thu, 15 Aug 2019 18:14:41 -0500

Hello.

I think the way `cargo` uses `libcurl` is preventing it from looking
in the `CURL_CA_BUNDLE` environment variable to find where the
certificate authority file is.

Here we see what `cargo` I am using:

    sebboh@geeks ~/projects$ cargo -V
    cargo 1.36.0

Here we see the contents of one of my environment variables:

    sebboh@geeks ~/projects$ echo $CURL_CA_BUNDLE
    /home/sebboh/.guix-profile/etc/ssl/certs/ca-certificates.crt

Here we try to use `cargo` for a common task:

    sebboh@geeks ~/projects$ cargo install rustfmt-nightly
        Updating crates.io index
    error: failed to download from
`https://crates.io/api/v1/crates/rustfmt-nightly/1.4.5/download`

    Caused by:
      [60] SSL peer certificate or SSH remote key was not OK (server
certificate verification failed. CAfile: none CRLfile: none)

Here we see that `curl` itself (from `guix install curl`) works fine
(some lines omitted for brevity).

    sebboh@geeks ~/projects$ curl -v
https://crates.io/api/v1/crates/pkg-config/0.0.1/download
    *   Trying 34.202.125.55:443...
    * TCP_NODELAY set
    * Connected to crates.io (34.202.125.55) port 443 (#0)
    * found 153 certificates in
/home/sebboh/.guix-profile/etc/ssl/certs/ca-certificates.crt
[...]
    < HTTP/1.1 302 Found
[...]
    * Connection #0 to host crates.io left intact

Now what? :)

Please note that I freshly installed `rust:cargo` and did not modify
anything, so maybe our guix package should be updated so it works out
of box.  (Granted I think the TOFU principle for CA certs might be
better but, I guess that is not the topic today.)

Thanks, cheers,
--sebboh



reply via email to

[Prev in Thread] Current Thread [Next in Thread]