[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

rust:cargo (libcurl) vs. CURL_CA_BUNDLE

From: David Loyall
Subject: rust:cargo (libcurl) vs. CURL_CA_BUNDLE
Date: Thu, 15 Aug 2019 18:14:41 -0500


I think the way `cargo` uses `libcurl` is preventing it from looking
in the `CURL_CA_BUNDLE` environment variable to find where the
certificate authority file is.

Here we see what `cargo` I am using:

    sebboh@geeks ~/projects$ cargo -V
    cargo 1.36.0

Here we see the contents of one of my environment variables:

    sebboh@geeks ~/projects$ echo $CURL_CA_BUNDLE

Here we try to use `cargo` for a common task:

    sebboh@geeks ~/projects$ cargo install rustfmt-nightly
        Updating index
    error: failed to download from

    Caused by:
      [60] SSL peer certificate or SSH remote key was not OK (server
certificate verification failed. CAfile: none CRLfile: none)

Here we see that `curl` itself (from `guix install curl`) works fine
(some lines omitted for brevity).

    sebboh@geeks ~/projects$ curl -v
    *   Trying
    * TCP_NODELAY set
    * Connected to ( port 443 (#0)
    * found 153 certificates in
    < HTTP/1.1 302 Found
    * Connection #0 to host left intact

Now what? :)

Please note that I freshly installed `rust:cargo` and did not modify
anything, so maybe our guix package should be updated so it works out
of box.  (Granted I think the TOFU principle for CA certs might be
better but, I guess that is not the topic today.)

Thanks, cheers,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]