GNU bug report logs - #25240: libcurl does not honor SSL_CERT_DIR et al.
Reported by: Hank Donnay <hdonnay <at> gmail.com>
Date: Tue, 20 Dec 2016 22:36:01 UTC
Severity: normal
Done: Jakub Kądziołka <kuba <at> kadziolka.net>
Bug is archived. No further changes may be made.
Hello,
Hank Donnay <hdonnay <at> gmail.com> wrote:
> Weechat seems to be unable to do HTTPS, and fails with "curl error 60".
> Setting SSL_CERT_{DIR,FILE} doesn't make a difference. The actual error is:
>
> script: error downloading list of scripts: curl error 60 (server
> certificate verification failed. CAfile: none CRLfile: none) (URL: "
> https://weechat.org/files/plugins.xml.gz")
>
> I have nss-certs installed, and the files pointed to
> ($GUIX_PROFILE/etc/ssl/certs and
> $GUIX_PROFILE/etc/ssl/certs/ca-certificates.crt) both exist.
>
> Any pointers on where to look to fix this would be appreciated.
Weechat uses libcurl, which uses GnuTLS and does not honor
‘SSL_CERT_DIR’, ‘SSL_CERT_FILE’, and ‘CURL_CA_BUNDLE’.
Instead, GnuTLS defaults to looking for certificates in /etc/ssl/certs,
and it is up to the application to search for certificates in additional
places.
This has been discussed at
<https://lists.gnu.org/archive/html/guix-devel/2017-01/msg00516.html>
but there’s no good solution yet.
Thanks,
Ludo’.
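
Added example (not part of the original message, and not Weechat, Guix or curl project code): one way an application that uses libcurl can search for certificates itself, by reading the three variables named above and passing any usable location to libcurl through CURLOPT_CAINFO and CURLOPT_CAPATH. The names `ca_store`, `resolve_ca_store`, `apply_ca_store` and the `HAVE_LIBCURL` build macro are assumptions of this example, as is the precedence between the variables.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#ifdef HAVE_LIBCURL   /* build with: cc -DHAVE_LIBCURL example.c -lcurl */
#include <curl/curl.h>
#endif

/* Hypothetical type: CA locations taken from the environment. */
struct ca_store { const char *file; const char *dir; };

/* True if p exists and is a directory (want_dir) or a regular file. */
static int usable(const char *p, int want_dir) {
    struct stat st;
    if (!p || !*p || stat(p, &st) != 0) return 0;
    return want_dir ? S_ISDIR(st.st_mode) : S_ISREG(st.st_mode);
}

/* Returns 1 if a usable location was found, else 0. Precedence is this
   example's choice; a colon-separated SSL_CERT_DIR list is not handled. */
int resolve_ca_store(struct ca_store *out) {
    const char *files[] = { getenv("CURL_CA_BUNDLE"), getenv("SSL_CERT_FILE") };
    const char *dir = getenv("SSL_CERT_DIR");
    out->file = out->dir = NULL;
    for (size_t i = 0; i < 2 && !out->file; i++)
        if (usable(files[i], 0)) out->file = files[i];
    if (usable(dir, 1)) out->dir = dir;
    return out->file || out->dir;
}

#ifdef HAVE_LIBCURL
/* Apply the result to one easy handle. Peer verification is left enabled;
   with nothing usable in the environment the library default is kept. */
CURLcode apply_ca_store(CURL *h) {
    struct ca_store ca;
    CURLcode rc = CURLE_OK;
    if (!resolve_ca_store(&ca)) return CURLE_OK;
    if (ca.file) rc = curl_easy_setopt(h, CURLOPT_CAINFO, ca.file);
    if (rc == CURLE_OK && ca.dir) rc = curl_easy_setopt(h, CURLOPT_CAPATH, ca.dir);
    return rc;
}
#endif

int main(void) {
    struct ca_store ca;
    if (!resolve_ca_store(&ca)) { puts("no CA location in environment"); return 1; }
    printf("CAINFO=%s CAPATH=%s\n", ca.file ? ca.file : "(default)",
           ca.dir ? ca.dir : "(default)");
    return 0;
}
```

A path that does not exist, or that is the wrong kind of object, is skipped rather than passed on, so a stale variable cannot replace a working default with an empty trust store.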
This bug report was last modified 5 years and 161 days ago.