From unknown Sat Jun 21 03:29:30 2025 X-Loop: help-debbugs@gnu.org Subject: bug#28948: feh does encounter certificate errors with valid certificates Resent-From: ng0 Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 22 Oct 2017 20:35:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 28948 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 28948@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.150870449017210 (code B ref -1); Sun, 22 Oct 2017 20:35:01 +0000 Received: (at submit) by debbugs.gnu.org; 22 Oct 2017 20:34:50 +0000 Received: from localhost ([127.0.0.1]:56273 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e6MxO-0004TV-FR for submit@debbugs.gnu.org; Sun, 22 Oct 2017 16:34:50 -0400 Received: from eggs.gnu.org ([208.118.235.92]:33564) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e6MxM-0004TJ-Nu for submit@debbugs.gnu.org; Sun, 22 Oct 2017 16:34:49 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e6MxG-0003rI-NC for submit@debbugs.gnu.org; Sun, 22 Oct 2017 16:34:43 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_20 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:56590) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1e6MxG-0003rA-Jh for submit@debbugs.gnu.org; Sun, 22 Oct 2017 16:34:42 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52745) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e6MxF-0006h7-Fd for bug-guix@gnu.org; Sun, 22 Oct 2017 16:34:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e6MxA-0003oY-JF for bug-guix@gnu.org; Sun, 22 Oct 2017 16:34:41 -0400 Received: from aibo.runbox.com ([91.220.196.211]:36616) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1e6Mwp-0003c3-6R for bug-guix@gnu.org; Sun, 22 Oct 2017 16:34:36 -0400 Received: from [10.9.9.212] (helo=mailfront12.runbox.com) by mailtransmit02.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1e6Mwl-0001yN-U6 for bug-guix@gnu.org; Sun, 22 Oct 2017 22:34:12 +0200 Received: from [109.236.90.209] (helo=localhost) by mailfront12.runbox.com with esmtpsa (uid:892961 ) (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) id 1e6MwI-0002jy-B0 for bug-guix@gnu.org; Sun, 22 Oct 2017 22:33:42 +0200 Date: Sun, 22 Oct 2017 20:33:39 +0000 From: ng0 Message-ID: <20171022203339.qomgp4xm2rqh4zwe@abyayala> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="lptiavxx24vswkmi" Content-Disposition: inline X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) --lptiavxx24vswkmi Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable feh https://i.imgur.com/263enxT.jpg feh opens image Problem: user@abyayala ~/src/guix/guix$ feh https://i.imgur.com/263enxT.jpg feh WARNING: open url: server certificate verification failed. CAfile: none= CRLfile: none feh WARNING: https://i.imgur.com/263enxT.jpg - File does not exist feh: No loadable images specified. See 'man feh' for detailed usage information nss etc are in my profile, no problem with other curl based applications. --=20 ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://dist.ng0.infotropique.org/dist/keys/ https://www.infotropique.org https://ng0.infotropique.org --lptiavxx24vswkmi Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAlntAKMACgkQ4i+bv+40 hYi7Pg/+IRZi5bgVWsgDd84nSiTGWmC2D8w6Oi4Y7bruX9BdIXMS6nyMbx2wTpBL OJr6Fsl3xkjFSDD2BBkNrlG5eLqraz3igEMNpQ5VzR+RvSwspSNdVnUqHrR/reZM H7/Wr8qkvmN+30utM2yMS3yfRemGWY2Z8vwHE/aKZ2JLUus0Z2AyXTqXiAXeM5SO cB9sGlmKvOCSkhsf2gn/jjlgeLiXKLNBxUHczG4XjRHtNijqgIYZ9m7FeomwmvU1 PCs0UIYD8jAFne2vdaynBX4HP1xVNgdaLO1kGSTV+xmthG6qzG0m4uMRi6EDCLxZ MfLQ2aqKNG05I02rQoTKr4nib5r0K+xCKMlTnjRPL/8ODySwmwQc7+0oLJOZdUcb 9XpqO9eD7vrSqK41c6uTgl6AQc3E9NPrlsyDVN9KkcG8KODM0xnGQBl1+qyutrDJ 0NXvrfUfaJuH1/ncuBvA6SuAAuOxM6yGjrgmf9Xtksq6M/RL9BvvDmBuPiBr1Vb5 iy9fNK8xmBv89z958jnGO92PvksCwqvBkA/9fRv5k1mEu7DU4vScGcPysTDSXc5f 7COj60Iqz9jde4gXnymI/RetbEoxoXxEdCfz6Ez3bDsqLbGb8wQYf5kpky/2wyqS 941n2maJgY+EVmI8wtdYPHlyunvphb2ZMefkbjDnXbfxQAwuKz8= =S0n8 -----END PGP SIGNATURE----- --lptiavxx24vswkmi-- From unknown Sat Jun 21 03:29:30 2025 X-Loop: help-debbugs@gnu.org Subject: bug#28948: feh does encounter certificate errors with valid certificates Resent-From: Marius Bakke Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 29 Oct 2017 12:28:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28948 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: ng0 , 28948@debbugs.gnu.org Received: via spool by 28948-submit@debbugs.gnu.org id=B28948.15092800532850 (code B ref 28948); Sun, 29 Oct 2017 12:28:01 +0000 Received: (at 28948) by debbugs.gnu.org; 29 Oct 2017 12:27:33 +0000 Received: from localhost ([127.0.0.1]:39895 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e8mgf-0000jt-DP for submit@debbugs.gnu.org; Sun, 29 Oct 2017 08:27:33 -0400 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:55751) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e8mge-0000jm-4f for 28948@debbugs.gnu.org; Sun, 29 Oct 2017 08:27:32 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 40A19207FE; Sun, 29 Oct 2017 08:27:31 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Sun, 29 Oct 2017 08:27:31 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=CJ6CotsGRxAVt+GmB7wNJNRC1exl+gat+AReccsHTLY=; b=f8RJ6wpG KQ72jD9WNC0zYkufuilaBH4UH6Z/CJg8PLkiVuGRPNPONMbj9mGpQpQNjoCynYLG 6lVUTmWmSrvJWtZo0SiZG8MZ99hlKbQSOzDYwCGHyt/1+f2bud8OLDl7rldsGzCi Dl5zJ9vUV9DN+b4d7LEY2eLiCsNA5cWg3qc4EbJl0eww63zLAejiq7DDRZgHwK68 AWGeDibT0irAtc44pi6B0soFURcqIZ/ji3pxtO1OwNkhd79GSix6vG90mfGJ/lhq QwBxPRw6pwMhB7ta31Go70G6Q0YDi69pce2p0nkiiJkVcA31VyFiwCI/Didfv5Gv nplaVBI2sZ5NDQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=CJ6CotsGRxAVt+GmB7wNJNRC1exl+ gat+AReccsHTLY=; b=jM06cLrWrKqV1eorSiBamoAQ5gTWRVjnZehSoayBLh0qL QTMHa/Hdpk7zi3x5sY+gvQQdErdtKKeHX9JEtXUVbMXnkU9NTdTX9o52Op5BedZ2 IqREmBUNKlkWFqc/FA/0q7ze/cX1VBg7VL7vMvUi8EQ6ivKPwXGwhZrK7tZuWa2B Ls/HfFo/rSu3t3C+dKnu1NBa9jkYIEbXSb2aF6SZkWSZkS7r0xjaV8h7GUsh5NWL 9VNynAoHm3n4RUKUBoN9ONZTyyeXZ1VJEJeL84m4Wv0Hmtqw2rfKX4UfgMN4fTXy yU+IVBLcWVbe3sva9tFGBTFWLVi4yLjuWrRuQjhIg== X-ME-Sender: Received: from localhost (cm-84.214.173.174.getinternet.no [84.214.173.174]) by mail.messagingengine.com (Postfix) with ESMTPA id C106D247D9; Sun, 29 Oct 2017 08:27:30 -0400 (EDT) From: Marius Bakke In-Reply-To: <20171022203339.qomgp4xm2rqh4zwe@abyayala> References: <20171022203339.qomgp4xm2rqh4zwe@abyayala> User-Agent: Notmuch/0.25.1 (https://notmuchmail.org) Emacs/25.3.1 (x86_64-pc-linux-gnu) Date: Sun, 29 Oct 2017 13:27:29 +0100 Message-ID: <871slm5eby.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain ng0 writes: > feh https://i.imgur.com/263enxT.jpg > feh opens image > > Problem: > user@abyayala ~/src/guix/guix$ feh https://i.imgur.com/263enxT.jpg > feh WARNING: open url: server certificate verification failed. CAfile: none CRLfile: none > feh WARNING: https://i.imgur.com/263enxT.jpg - File does not exist > feh: No loadable images specified. > See 'man feh' for detailed usage information This is the same issue with libcurl as has been discussed many times in the past. Since it won't be fixed upstream any time soon (support for CURL_CA_BUNDLE has been removed also for Windows), I suggest we "bite the bullet" this time and add a hard-coded default. I've verified that this patch works (on GuixSD): --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0001-gnu-curl-Look-up-SSL-certificates-in-etc-ssl-certs-b.patch Content-Transfer-Encoding: quoted-printable From=202ae03883c2526965f1a93cf5c691c41f02dc14b4 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Fri, 9 Jun 2017 16:45:38 +0200 Subject: [PATCH] gnu: curl: Look up SSL certificates in /etc/ssl/certs by default. * gnu/packages/curl.scm (curl)[arguments]<#:configure-flags>: Add '--with-c= a-path'. <#:phases>: Delete test that tries to use it. =2D-- gnu/packages/curl.scm | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm index 2e4a48d1e..7248a6d40 100644 =2D-- a/gnu/packages/curl.scm +++ b/gnu/packages/curl.scm @@ -67,7 +67,14 @@ ("pkg-config" ,pkg-config) ("python" ,python-2))) (arguments =2D `(#:configure-flags '("--with-gnutls" "--with-gssapi") + `(#:configure-flags '("--with-gnutls" "--with-gssapi" + ;; Hard-code a default CA certificate path so th= at + ;; most things work "out of the box", at least on + ;; GuixSD and Debian-based distributions. + ;; libcurl does not support overriding this at r= untime + ;; except through the API, and it's impractical = to + ;; patch every application to respect CURL_CA_BU= NDLE. + "--with-ca-bundle=3D/etc/ssl/certs/ca-certificat= es.crt") ;; Add a phase to patch '/bin/sh' occurances in tests/runtests.pl #:phases (modify-phases %standard-phases @@ -87,6 +94,10 @@ (substitute* "tests/runtests.pl" (("/bin/sh") (which "sh"))) =20 + ;; XXX: This test fails because the default CA bundle path + ;; does not exist in the build environment. + (delete-file "tests/data/test324") + ;; XXX FIXME: Test #1510 seems to work on some machines and not ;; others, possibly based on the kernel version. It works on G= uixSD ;; on x86_64 with linux-libre-4.1, but fails on Hydra for both = i686 =2D-=20 2.14.3 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAln1yTEACgkQoqBt8qM6 VPquBwgAvyCZgJuVsfOm08NVOJQyEMLycO1fdGtdjDB8rfAyjLdEH3/QYv+V/dSX 5edWyv2ThUnHTFxgJeYPW78sfT6IjZrth7pHBoIZVKBQ1yd8VpOYoZIsq+jbPNmB SuMXuNB0KRebD95NZD4UGaZlPTSM7VT6kQxWIDvPUydWfzwZOAdK4x/ORA9yx8jk 04VVsMBwUS7VfsJarT4uibkS/Kw8gIv0pOH+gy0+gohDb9rDCYY8Hnq5v62NDYZY ExBHrMMknyLoB3r5Zw3MHv3xgWzW71JT+vfAckwuPFiguAAkYjed28Bh+89Jbagc dzphiEuqWOFY1OsPYT7oOvhXVg3vTQ== =Brsk -----END PGP SIGNATURE----- --==-=-=-- From unknown Sat Jun 21 03:29:30 2025 X-Loop: help-debbugs@gnu.org Subject: bug#28948: feh does encounter certificate errors with valid certificates Resent-From: Ricardo Wurmus Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 29 Oct 2017 21:37:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28948 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Marius Bakke Cc: 28948@debbugs.gnu.org, ng0 Received: via spool by 28948-submit@debbugs.gnu.org id=B28948.150931297828388 (code B ref 28948); Sun, 29 Oct 2017 21:37:02 +0000 Received: (at 28948) by debbugs.gnu.org; 29 Oct 2017 21:36:18 +0000 Received: from localhost ([127.0.0.1]:41024 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e8vFh-0007No-Mt for submit@debbugs.gnu.org; Sun, 29 Oct 2017 17:36:17 -0400 Received: from sender-of-o51.zoho.com ([135.84.80.216]:21034) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e8vFf-0007Ne-3L for 28948@debbugs.gnu.org; Sun, 29 Oct 2017 17:36:15 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1509312942; s=zoho; d=elephly.net; i=rekado@elephly.net; h=References:From:To:Cc:Subject:In-reply-to:Date:Message-ID:MIME-Version:Content-Type; l=1079; bh=Wztvm3XWaHaiqoTNCWWTxRULjvH7mn7N12QPGdfeihw=; b=Rzb32adVD1ri5K0BfSSQ1QQDUz4s1lkMTKjGvvxaWAHWo7xjwpGI1AA7I6/Mvvoe jx9FV3IQeH9nING6W06F6REAmxCzeDwPL1HuwQw81lJFKnHMZFWphgkxT/Hv9SPHKeo PuUchbcFlDuETBFIw/r6+dLgLuDsAVTh6XU6YQi8= Received: from localhost (port-92-200-4-55.dynamic.qsc.de [92.200.4.55]) by mx.zohomail.com with SMTPS id 1509312942616525.7318158128511; Sun, 29 Oct 2017 14:35:42 -0700 (PDT) References: <20171022203339.qomgp4xm2rqh4zwe@abyayala> <871slm5eby.fsf@fastmail.com> User-agent: mu4e 0.9.18; emacs 25.3.1 From: Ricardo Wurmus In-reply-to: <871slm5eby.fsf@fastmail.com> X-URL: https://elephly.net X-PGP-Key: https://elephly.net/rekado.pubkey X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC Date: Sun, 29 Oct 2017 22:35:39 +0100 Message-ID: <87k1zdljro.fsf@elephly.net> MIME-Version: 1.0 Content-Type: text/plain X-ZohoMailClient: External X-Spam-Score: -2.8 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.8 (--) Marius Bakke writes: > ng0 writes: > >> feh https://i.imgur.com/263enxT.jpg >> feh opens image >> >> Problem: >> user@abyayala ~/src/guix/guix$ feh https://i.imgur.com/263enxT.jpg >> feh WARNING: open url: server certificate verification failed. CAfile: none CRLfile: none >> feh WARNING: https://i.imgur.com/263enxT.jpg - File does not exist >> feh: No loadable images specified. >> See 'man feh' for detailed usage information > > This is the same issue with libcurl as has been discussed many times in > the past. Since it won't be fixed upstream any time soon (support for > CURL_CA_BUNDLE has been removed also for Windows), I suggest we "bite > the bullet" this time and add a hard-coded default. This would mean that individual users no longer have control over what certificate authorities they want to trust. Does anything speak against patching in support for the CURL_CA_BUNDLE environment variable? -- Ricardo GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC https://elephly.net From unknown Sat Jun 21 03:29:30 2025 X-Loop: help-debbugs@gnu.org Subject: bug#28948: feh does encounter certificate errors with valid certificates Resent-From: Marius Bakke Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 29 Oct 2017 22:01:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28948 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ricardo Wurmus Cc: 28948@debbugs.gnu.org, ng0 Received: via spool by 28948-submit@debbugs.gnu.org id=B28948.15093144125385 (code B ref 28948); Sun, 29 Oct 2017 22:01:02 +0000 Received: (at 28948) by debbugs.gnu.org; 29 Oct 2017 22:00:12 +0000 Received: from localhost ([127.0.0.1]:41050 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e8vcq-0001Om-7v for submit@debbugs.gnu.org; Sun, 29 Oct 2017 18:00:12 -0400 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:57831) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e8vco-0001Of-Sv for 28948@debbugs.gnu.org; Sun, 29 Oct 2017 18:00:11 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 50CF120B16; Sun, 29 Oct 2017 18:00:10 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute5.internal (MEProxy); Sun, 29 Oct 2017 18:00:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=MAZb8G+L3pZ0fV5mVdE/6eXs3OShoGaukygfavPnhqU=; b=slXjHoNM ocsGdrKuLfVUqbQ9QdbvOyUkPPbKvQSpGBlU/MHQFP4RBOV/Xtp99HTAOtiBzODm sLPAxgYh2YPGW+HFSVhAWwB8MKb5l8xxMM9h5CkQaKJ1QHSRn7M67kXIT2yoDqqS bqN7s0HNrt4z23quGt+jj8/nXLPwfUiyIA/I2QsDHwq74ZA1lGgfbEVho8zVaa6N yhpfHSvG31/8ia7LtKj8DE5ngfUq0xDyjQ44tSP1+Ev6XZg6P5VkBK7l3VYPgx+s csW78Oh7vg2KALTuEMoMmYji4UFGoczTupigrvmGDn4bckjoUcWihvoYQ4XW56iv nCPY6QpZWTkbgg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=MAZb8G+L3pZ0fV5mVdE/6eXs3OSho GaukygfavPnhqU=; b=YH1ZKkJQcTR8Adl0XYPR8qbARYS23ddvqjgdSKFj2mlJV sD3tu6nvpgsVYJfemon5gzlyiEBtl7YBg2kyP1OFKJq1TmshCcMfYiyuw4jsn2v/ jN5WZ2CEPsJedy+vIjNpHeOy0dMKH06RK1cZmm1zVkd/jKDxCTMstEyqicF/3LLn eT+wT9Jt3aC3jV1ftrjsztbqQHxjOkdYE29om7+kLdnrF6C52OT5zykFCQPohEJQ u4wJZ6NS9c8pBX2k7mCQ2NpUttbWIAtHHxLTepX5+hVLN9sXijJkEIYtpRh3HDl0 /YDc7Rj2NKsil06wGHMr3ePhIODS4a4Nnm7H47D+g== X-ME-Sender: Received: from localhost (cm-84.214.173.174.getinternet.no [84.214.173.174]) by mail.messagingengine.com (Postfix) with ESMTPA id DB9D57F9CF; Sun, 29 Oct 2017 18:00:09 -0400 (EDT) From: Marius Bakke In-Reply-To: <87k1zdljro.fsf@elephly.net> References: <20171022203339.qomgp4xm2rqh4zwe@abyayala> <871slm5eby.fsf@fastmail.com> <87k1zdljro.fsf@elephly.net> User-Agent: Notmuch/0.25.1 (https://notmuchmail.org) Emacs/25.3.1 (x86_64-pc-linux-gnu) Date: Sun, 29 Oct 2017 23:00:08 +0100 Message-ID: <87tvyh4ntj.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --=-=-= Content-Type: text/plain Ricardo Wurmus writes: > Marius Bakke writes: > >> ng0 writes: >> >>> feh https://i.imgur.com/263enxT.jpg >>> feh opens image >>> >>> Problem: >>> user@abyayala ~/src/guix/guix$ feh https://i.imgur.com/263enxT.jpg >>> feh WARNING: open url: server certificate verification failed. CAfile: none CRLfile: none >>> feh WARNING: https://i.imgur.com/263enxT.jpg - File does not exist >>> feh: No loadable images specified. >>> See 'man feh' for detailed usage information >> >> This is the same issue with libcurl as has been discussed many times in >> the past. Since it won't be fixed upstream any time soon (support for >> CURL_CA_BUNDLE has been removed also for Windows), I suggest we "bite >> the bullet" this time and add a hard-coded default. > > This would mean that individual users no longer have control over what > certificate authorities they want to trust. Check and mate. I never considered this, but that makes this patch a non-starter. > Does anything speak against patching in support for the CURL_CA_BUNDLE > environment variable? No, it looks like the only option. Should set a good precedent. :-) --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAln2T2gACgkQoqBt8qM6 VPokzQgAz3gY7N+vKJCtlTCP4KI+SYmnyq+V/78pbFpXvarSrpeXGWDqCwavk2+6 rcUgAk1jTtoSgOg+p/ikkb9M0mVtLbZJ258ILSiXdcwTJWZq2bwW0Ditwzv6fM8I DS1JKYQ6QXuOB/ct1gJfYWZA4w9lq6BnLwNjutsTzA8jwz3vPbF/qMQaGBGj6edD DuPen9cetAbud9sVL24mWC8i5Xhef+MMxDb1zjsVCoab9nZT75DavfkLZDb9W9KU Imihk04ZF69hhg8e0ke48+xvrxkqBgV1p/vqmPTz7LZZCEfLZIc6VEFJQfjfE19h HlvUm/1gyyclYPv0/dNz7VI91DcOVA== =yqOY -----END PGP SIGNATURE----- --=-=-=-- From unknown Sat Jun 21 03:29:30 2025 X-Loop: help-debbugs@gnu.org Subject: bug#28948: feh does encounter certificate errors with valid certificates Resent-From: Marius Bakke Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 29 Oct 2017 23:48:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28948 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: ng0 , 28948@debbugs.gnu.org Received: via spool by 28948-submit@debbugs.gnu.org id=B28948.150932084515391 (code B ref 28948); Sun, 29 Oct 2017 23:48:01 +0000 Received: (at 28948) by debbugs.gnu.org; 29 Oct 2017 23:47:25 +0000 Received: from localhost ([127.0.0.1]:41091 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e8xIb-000409-9a for submit@debbugs.gnu.org; Sun, 29 Oct 2017 19:47:25 -0400 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:58565) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e8xIU-0003zv-TJ for 28948@debbugs.gnu.org; Sun, 29 Oct 2017 19:47:23 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 3EC6C2098B; Sun, 29 Oct 2017 19:47:18 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute5.internal (MEProxy); Sun, 29 Oct 2017 19:47:18 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=UzHuqrmM67ST/Kumc4WVOsWKR0NJDGSP83lmvXq95lo=; b=rp4QJ2L4 vUehw579mJzWZOXX8WmyY9TwdDo9UPncaTx41PYMx25W1eKk8qarDCs/PtE5iq4b hrtxstaMl9bAI59Z67aigvaskw9LxNjZr4EdCJeSa/wRM3jOTu2wYorsQ4SA7TWE R6pvuHEOHTspgPUMlxeHfgZRGY6hCdnKbe6JzfVVclmVDWzlurKeIJrIWPdYUQyu Q+b8gnXYtUt2MEs6H9jYtkFtEX08tzL74p0xRL6/ZG2jJILaOc/4sgrjH9gm6g2n wE+5m1jzeimIEyaEtyvOtgzw3xdK0eg3UpGz8FDjTTOX7Q0de2CMLnL/hYAmpJU+ E5L2lir2l4V8gA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=UzHuqrmM67ST/Kumc4WVOsWKR0NJD GSP83lmvXq95lo=; b=OJ8HFdsFkGcxY0n/HORyOBGdilLPeXNn1kEmAf6SmgpAK fv5b23mZev76mRmrr0sVNjAVf/SL2MabDOnxXRGUThFRNa0krt21JBVgwsi2AyYy cHpWf9lsbKedXwFpPwCRliMJv7Y/E3HC8DocAkPLhVHTDSiUvfjhieYYxaIUKXld Hu0247MOcZ3J4nLbnpE9m+xrlXF+fEeRfog6y0dLtEgGRdCWZLh3cMDt/I+8UEva Qq64XhQnTnx1mfOgkY+Hw5IrCSYYoXFXCMEFwFeS4cSZrZjgl+tkOxwZGp9Q9eNC LJv1NHzV6kK9NIOGwS2Gqj1WyKb0pNB6rzkP9eVOw== X-ME-Sender: Received: from localhost (cm-84.214.173.174.getinternet.no [84.214.173.174]) by mail.messagingengine.com (Postfix) with ESMTPA id C111C7F91F; Sun, 29 Oct 2017 19:47:17 -0400 (EDT) From: Marius Bakke In-Reply-To: <20171022203339.qomgp4xm2rqh4zwe@abyayala> References: <20171022203339.qomgp4xm2rqh4zwe@abyayala> User-Agent: Notmuch/0.25.1 (https://notmuchmail.org) Emacs/25.3.1 (x86_64-pc-linux-gnu) Date: Mon, 30 Oct 2017 00:47:16 +0100 Message-ID: <87r2tl4iuz.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain ng0 writes: > feh https://i.imgur.com/263enxT.jpg > feh opens image > > Problem: > user@abyayala ~/src/guix/guix$ feh https://i.imgur.com/263enxT.jpg > feh WARNING: open url: server certificate verification failed. CAfile: none CRLfile: none > feh WARNING: https://i.imgur.com/263enxT.jpg - File does not exist > feh: No loadable images specified. > See 'man feh' for detailed usage information > > nss etc are in my profile, no problem with other curl based applications. The attached patch should fix the problem. Can you try it? --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0001-gnu-feh-Respect-CURL_CA_BUNDLE.patch Content-Transfer-Encoding: quoted-printable From=20cadea693c636affd0d4cc5749eb88b5408aac07f Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Mon, 30 Oct 2017 00:18:03 +0100 Subject: [PATCH] gnu: feh: Respect $CURL_CA_BUNDLE. * gnu/packages/patches/feh-respect-CURL_CA_BUNDLE.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/image-viewers.scm (feh)[source]: Use it. [native-search-paths]: New field. =2D-- gnu/local.mk | 1 + gnu/packages/image-viewers.scm | 8 ++++++++ gnu/packages/patches/feh-respect-CURL_CA_BUNDLE.patch | 18 +++++++++++++++= +++ 3 files changed, 27 insertions(+) create mode 100644 gnu/packages/patches/feh-respect-CURL_CA_BUNDLE.patch diff --git a/gnu/local.mk b/gnu/local.mk index 90dc7aec1..7a74501aa 100644 =2D-- a/gnu/local.mk +++ b/gnu/local.mk @@ -616,6 +616,7 @@ dist_patch_DATA =3D \ %D%/packages/patches/fasthenry-spFactor.patch \ %D%/packages/patches/fcgi-2.4.0-gcc44-fixes.patch \ %D%/packages/patches/fcgi-2.4.0-poll.patch \ + %D%/packages/patches/feh-respect-CURL_CA_BUNDLE.patch \ %D%/packages/patches/file-CVE-2017-1000249.patch \ %D%/packages/patches/findutils-localstatedir.patch \ %D%/packages/patches/findutils-gnulib-multi-core.patch \ diff --git a/gnu/packages/image-viewers.scm b/gnu/packages/image-viewers.scm index 9e93a97a9..98193063e 100644 =2D-- a/gnu/packages/image-viewers.scm +++ b/gnu/packages/image-viewers.scm @@ -61,6 +61,7 @@ (method url-fetch) (uri (string-append home-page name "-" version ".tar.bz2")) + (patches (search-patches "feh-respect-CURL_CA_BUNDLE.patch")) (sha256 (base32 "0azgpr4al2pi4858z4xh4lfz84cvzxw3n426fn7rz6cdj34q212j")))) @@ -79,6 +80,13 @@ ("libxt" ,libxt) ("libx11" ,libx11) ("libxinerama" ,libxinerama))) + (native-search-paths + ;; Respect the same options as the `curl` command-line client. + (list (search-path-specification + (variable "CURL_CA_BUNDLE") + (file-type 'regular) + (separator #f) ;single entry + (files '("etc/ssl/certs/ca-certificates.crt"))))) (synopsis "Fast and light imlib2-based image viewer") (description "feh is an X11 image viewer aimed mostly at console users. diff --git a/gnu/packages/patches/feh-respect-CURL_CA_BUNDLE.patch b/gnu/pa= ckages/patches/feh-respect-CURL_CA_BUNDLE.patch new file mode 100644 index 000000000..cbe2fa16d =2D-- /dev/null +++ b/gnu/packages/patches/feh-respect-CURL_CA_BUNDLE.patch @@ -0,0 +1,18 @@ +Make feh respect CURL_CA_BUNDLE similar to the `curl` tool. + +diff --git a/src/imlib.c b/src/imlib.c +index dfb79aa..82a9865 100644 +--- a/src/imlib.c ++++ b/src/imlib.c +@@ -429,6 +429,10 @@ static char *feh_http_load_image(char *url) + if (opt.insecure_ssl) { + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0); ++ } else { ++ // Allow the user to specify custom CA certificates. ++ curl_easy_setopt(curl, CURLOPT_CAINFO, ++ getenv("CURL_CA_BUNDLE")); + } +=20 + res =3D curl_easy_perform(curl); + =2D-=20 2.14.3 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAln2aIQACgkQoqBt8qM6 VPp+9ggAzeabk6OIgz8/96z1NviodLiMpYKeANxi8aVc3GLc7aFwvNTjGBXG5hTx msqDnDzZ/kqEqpKcdVWsZ3lud/Bmdbq7osQLN8B4T4982VpYRdASDsyYo56gSWc6 B9RVo5i/erz+t69W+PgfRhWIEjjWF6WKlFY5OX8r4o/YTr/IG9oSbfOwiszhsoI+ jDTRSDvQajq8AhTQFdRp7Tp4f0o04E3YWHi87vH2iSnJNEOrtBSXq4F9Nhiue/jD NxfBml+pjV9D0JeNxoZB/uE9y70s/xB/XSHXRmsUZloJrX5quyX7MAq5PHwu6t1q 0D4B037UxtQ2l/OsihskbfPnRJEm+A== =zolM -----END PGP SIGNATURE----- --==-=-=-- From unknown Sat Jun 21 03:29:30 2025 X-Loop: help-debbugs@gnu.org Subject: bug#28948: feh does encounter certificate errors with valid certificates Resent-From: Ricardo Wurmus Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 30 Oct 2017 08:50:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28948 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Marius Bakke Cc: 28948@debbugs.gnu.org, ng0 Received: via spool by 28948-submit@debbugs.gnu.org id=B28948.150935335014765 (code B ref 28948); Mon, 30 Oct 2017 08:50:02 +0000 Received: (at 28948) by debbugs.gnu.org; 30 Oct 2017 08:49:10 +0000 Received: from localhost ([127.0.0.1]:41311 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e95ks-0003q5-Ec for submit@debbugs.gnu.org; Mon, 30 Oct 2017 04:49:10 -0400 Received: from sender-of-o51.zoho.com ([135.84.80.216]:21044) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e95kr-0003px-33 for 28948@debbugs.gnu.org; Mon, 30 Oct 2017 04:49:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1509350556; s=zoho; d=elephly.net; i=rekado@elephly.net; h=References:From:To:Cc:Subject:In-reply-to:Date:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; l=1648; bh=nnhIOro/czrr4NPgLvu96FjUehMk0qk5ON11ijMbak8=; b=InqThRDd2+rNkA5ts8/HpQDfWqfrTqDfTOqfeymlQSiKgTA6/hMssWOL9x/SIp4I Ja5Hp9vxwNs64kt3MFe1GB+McdTaiN3GGPG5YnrVq5Shcc/oD3cEY06r84s4KCZ+vEw mtxl9QcY0sknUSt2oyb5CVPJQuLfqjQVZcspYZXI= Received: from localhost (port-92-200-11-220.dynamic.qsc.de [92.200.11.220]) by mx.zohomail.com with SMTPS id 1509350556396390.55306595456534; Mon, 30 Oct 2017 01:02:36 -0700 (PDT) References: <20171022203339.qomgp4xm2rqh4zwe@abyayala> <87r2tl4iuz.fsf@fastmail.com> User-agent: mu4e 0.9.18; emacs 25.3.1 From: Ricardo Wurmus In-reply-to: <87r2tl4iuz.fsf@fastmail.com> X-URL: https://elephly.net X-PGP-Key: https://elephly.net/rekado.pubkey X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC Date: Mon, 30 Oct 2017 09:02:33 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Message-ID: <87fua1kqqu.fsf@elephly.net> X-ZohoMailClient: External X-Spam-Score: -2.8 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.8 (--) Marius Bakke writes: > ng0 writes: > >> feh https://i.imgur.com/263enxT.jpg >> feh opens image >> >> Problem: >> user@abyayala ~/src/guix/guix$ feh https://i.imgur.com/263enxT.jpg >> feh WARNING: open url: server certificate verification failed. CAfile: n= one CRLfile: none >> feh WARNING: https://i.imgur.com/263enxT.jpg - File does not exist >> feh: No loadable images specified. >> See 'man feh' for detailed usage information >> >> nss etc are in my profile, no problem with other curl based applications= . > > The attached patch should fix the problem. Can you try it? We=E2=80=99ve done something similar in r-curl IIRC. I wonder if we should= just patch libcurl, so that all users of libcurl would benefit from this change. > +diff --git a/src/imlib.c b/src/imlib.c > +index dfb79aa..82a9865 100644 > +--- a/src/imlib.c > ++++ b/src/imlib.c > +@@ -429,6 +429,10 @@ static char *feh_http_load_image(char *url) > + =09=09=09if (opt.insecure_ssl) { > + =09=09=09=09curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); > + =09=09=09=09curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0); > ++=09=09=09} else { > ++=09=09=09=09// Allow the user to specify custom CA certificates. > ++=09=09=09=09curl_easy_setopt(curl, CURLOPT_CAINFO, > ++=09=09=09=09=09=09getenv("CURL_CA_BUNDLE")); > + =09=09=09} Is it safe to pass the empty string to curl_easy_setopt, in case CURL_CA_BUNDLE is unset? Do we need to check the value first or can we pass it without checking? -- Ricardo GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC https://elephly.net From unknown Sat Jun 21 03:29:30 2025 X-Loop: help-debbugs@gnu.org Subject: bug#28948: feh does encounter certificate errors with valid certificates Resent-From: ng0 Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 30 Oct 2017 14:08:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28948 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ricardo Wurmus Cc: 28948@debbugs.gnu.org, Marius Bakke , ng0 Received: via spool by 28948-submit@debbugs.gnu.org id=B28948.15093724521644 (code B ref 28948); Mon, 30 Oct 2017 14:08:02 +0000 Received: (at 28948) by debbugs.gnu.org; 30 Oct 2017 14:07:32 +0000 Received: from localhost ([127.0.0.1]:42281 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e9Aix-0000QS-M4 for submit@debbugs.gnu.org; Mon, 30 Oct 2017 10:07:31 -0400 Received: from aibo.runbox.com ([91.220.196.211]:58642) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e9Aiw-0000QJ-7o for 28948@debbugs.gnu.org; Mon, 30 Oct 2017 10:07:30 -0400 Received: from [10.9.9.210] (helo=mailfront10.runbox.com) by mailtransmit02.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1e9Air-0001Dk-IZ; Mon, 30 Oct 2017 15:07:25 +0100 Received: from mirror.armbrust.me ([176.31.180.157] helo=localhost) by mailfront10.runbox.com with esmtpsa (uid:892961 ) (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) id 1e9AiK-0002hJ-AG; Mon, 30 Oct 2017 15:06:52 +0100 Date: Mon, 30 Oct 2017 14:06:49 +0000 From: ng0 Message-ID: <20171030140649.dt6n2v6i7im4rrx4@abyayala> References: <20171022203339.qomgp4xm2rqh4zwe@abyayala> <87r2tl4iuz.fsf@fastmail.com> <87fua1kqqu.fsf@elephly.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="jp5foy7lsfm67zzx" Content-Disposition: inline In-Reply-To: <87fua1kqqu.fsf@elephly.net> X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --jp5foy7lsfm67zzx Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Ricardo Wurmus transcribed 1.6K bytes: >=20 > Marius Bakke writes: >=20 > > ng0 writes: > > > >> feh https://i.imgur.com/263enxT.jpg > >> feh opens image > >> > >> Problem: > >> user@abyayala ~/src/guix/guix$ feh https://i.imgur.com/263enxT.jpg > >> feh WARNING: open url: server certificate verification failed. CAfile:= none CRLfile: none > >> feh WARNING: https://i.imgur.com/263enxT.jpg - File does not exist > >> feh: No loadable images specified. > >> See 'man feh' for detailed usage information > >> > >> nss etc are in my profile, no problem with other curl based applicatio= ns. > > > > The attached patch should fix the problem. Can you try it? Thanks! I'll test it in the next couple of days. > We=E2=80=99ve done something similar in r-curl IIRC. I wonder if we shou= ld just > patch libcurl, so that all users of libcurl would benefit from this chang= e. In my opinion that would be preferable. > > +diff --git a/src/imlib.c b/src/imlib.c > > +index dfb79aa..82a9865 100644 > > +--- a/src/imlib.c > > ++++ b/src/imlib.c > > +@@ -429,6 +429,10 @@ static char *feh_http_load_image(char *url) > > + if (opt.insecure_ssl) { > > + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); > > + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0); > > ++ } else { > > ++ // Allow the user to specify custom CA certificates. > > ++ curl_easy_setopt(curl, CURLOPT_CAINFO, > > ++ getenv("CURL_CA_BUNDLE")); > > + } >=20 > Is it safe to pass the empty string to curl_easy_setopt, in case > CURL_CA_BUNDLE is unset? Do we need to check the value first or can we > pass it without checking? >=20 > -- > Ricardo >=20 > GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC > https://elephly.net >=20 >=20 >=20 --=20 ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://dist.ng0.infotropique.org/dist/keys/ https://www.infotropique.org https://ng0.infotropique.org --jp5foy7lsfm67zzx Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAln3MfkACgkQ4i+bv+40 hYgvRA//QS+PfLhSgJVuCBG1xpk7I1I4sYpoIevKK7hVVxU959oBkdpNFGqCSy8M xmjzQ7SZdF8g5eB7XN22KuzTW9YaDZWMu5L8i6rh7l0wg1kNyDuEsDu2+ETjNEpH feXM2xpsYK8l3MQhFIq4MCHG8yl4PxzKbdf16XjXica9SYZK0qY0zeeC8Zxp0Ogq joB1VRf3tQw1XyWp/4zdIVCP5hC9BkE3Gf57AwkR31l2WqR8VmCnnWOPcIcUs2MK WDZkKxpJRkqH3+1EG5EsX/vKyREPnAUWDYUc/n0wFOrth4IjpeaaaExJBiKoxkBx jSInt4Q4ERKvCxloCEKV79rmZ1fTbUP7LhJnJ214B2oRkiiVkZMbBxrozUSuyHh4 TzWRQIWoiDeERhR9peXqAO6Z60VBWL8Vm2v9yfQCfNFP3TeWhG8dyrNUzqt/+6UB pR12EbbooHDBHyrykj6NZnmP2CFYxfnM22Shq+MxvYTfiSKVAC9F/S7fvQz56/Po l+HQj+tW8xK+vOpu1sgoPi+8k2i8u+HVsK/rKU/sW82811cW76Rq/9d7G96QxKCq VWJjenqA3fPFNUJ0Yh6iLDFrZ4EaTjczEM7STV4fWO3or7kGQww5HYB2fptl+zvR WuhOcv6LVR17/mY5igOdqQdOJ0ONSzQIztIt7KrvEq10ieEl9L8= =tKTL -----END PGP SIGNATURE----- --jp5foy7lsfm67zzx-- From unknown Sat Jun 21 03:29:30 2025 X-Loop: help-debbugs@gnu.org Subject: bug#28948: feh does encounter certificate errors with valid certificates Resent-From: Marius Bakke Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Wed, 01 Nov 2017 20:56:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28948 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ricardo Wurmus Cc: 28948@debbugs.gnu.org, ng0 Received: via spool by 28948-submit@debbugs.gnu.org id=B28948.150956971212553 (code B ref 28948); Wed, 01 Nov 2017 20:56:01 +0000 Received: (at 28948) by debbugs.gnu.org; 1 Nov 2017 20:55:12 +0000 Received: from localhost ([127.0.0.1]:46510 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eA02U-0003GI-GH for submit@debbugs.gnu.org; Wed, 01 Nov 2017 16:55:11 -0400 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:60331) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eA02T-0003GB-7q for 28948@debbugs.gnu.org; Wed, 01 Nov 2017 16:55:05 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 5333320D6B; Wed, 1 Nov 2017 16:55:03 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Wed, 01 Nov 2017 16:55:03 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=gjlU4BDUxCDGOKaw1p1YCNr+jKtlZZln+NIuvM5jMzc=; b=dRI2cl9n pCyv7T//nqusY/qKTCvzu4uteKF4QiAv7P9T7XkPyv/LZ5iST1hk8kNAbOYNDluy HMYmWNixaUBamqyezZ1fhdBMBtDHs+ZmkT2bYGIVAgyFGIQ4MPpALr0KSQB62yiF OKxLUu+9vN+DBm4AmaamZyKmxcBpk75pLbcutrVvjrErHKygMQHlwMPEAESZzCUS ZlPIFxD5ijnDrfirnn3HC9N483pWtc5Su8h6nYdYvUHwrE585YGhJhTRZfwqfyAx QtUcU2fG+E25A4ie9GN2GeoS/bV/8iM+4B7y4A9ok75hZfF2o2W1isGn8bP0kRze YNIAVFiEtG4lNg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=gjlU4BDUxCDGOKaw1p1YCNr+jKtlZ Zln+NIuvM5jMzc=; b=sZJn05HcpwqFiEyFYmzjGn5FNRR8csOGBU7AbQQU8gb3O 4CS/mxuX3zQ3RuGtqJrcEKSmwIyfN0JLQKxI5GstVYK4Aint+0IOs6HQ2hv0icSI 6c+EgqOgv8KsPAFMkl6QiU42Mn4iGKG0Ch4gnQ6yZPQZZTutKYbF64ILpv86+6tD NmVl2sCKM+ZPr1ckjbxlvi5RyRnKk78YF/19iB5gYAcPHgqA9oiDr7/HHM2r2oA4 GJN9zXvkNEX8I2lh0LDtAgwBWSMGWQshMtrkEuETzcmI/f/TMavI/6jA3N+tOJH9 D9/v5Ayd+4P4kTkMEIAMaanv/pNjzd66bSzzt/EoA== X-ME-Sender: Received: from localhost (cm-84.214.173.174.getinternet.no [84.214.173.174]) by mail.messagingengine.com (Postfix) with ESMTPA id E72B624A60; Wed, 1 Nov 2017 16:55:02 -0400 (EDT) From: Marius Bakke In-Reply-To: <87fua1kqqu.fsf@elephly.net> References: <20171022203339.qomgp4xm2rqh4zwe@abyayala> <87r2tl4iuz.fsf@fastmail.com> <87fua1kqqu.fsf@elephly.net> User-Agent: Notmuch/0.25.1 (https://notmuchmail.org) Emacs/25.3.1 (x86_64-pc-linux-gnu) Date: Wed, 01 Nov 2017 21:55:01 +0100 Message-ID: <87d1514t3u.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ricardo Wurmus writes: > Marius Bakke writes: > >> ng0 writes: >> >>> feh https://i.imgur.com/263enxT.jpg >>> feh opens image >>> >>> Problem: >>> user@abyayala ~/src/guix/guix$ feh https://i.imgur.com/263enxT.jpg >>> feh WARNING: open url: server certificate verification failed. CAfile: = none CRLfile: none >>> feh WARNING: https://i.imgur.com/263enxT.jpg - File does not exist >>> feh: No loadable images specified. >>> See 'man feh' for detailed usage information >>> >>> nss etc are in my profile, no problem with other curl based application= s. >> >> The attached patch should fix the problem. Can you try it? > > We=E2=80=99ve done something similar in r-curl IIRC. I wonder if we shou= ld just > patch libcurl, so that all users of libcurl would benefit from this chang= e. IIRC the reason it's not supported in libcurl is because getenv() is not thread-safe, whereas libcurl is designed to be. > >> +diff --git a/src/imlib.c b/src/imlib.c >> +index dfb79aa..82a9865 100644 >> +--- a/src/imlib.c >> ++++ b/src/imlib.c >> +@@ -429,6 +429,10 @@ static char *feh_http_load_image(char *url) >> + if (opt.insecure_ssl) { >> + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); >> + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0); >> ++ } else { >> ++ // Allow the user to specify custom CA certificates. >> ++ curl_easy_setopt(curl, CURLOPT_CAINFO, >> ++ getenv("CURL_CA_BUNDLE")); >> + } > > Is it safe to pass the empty string to curl_easy_setopt, in case > CURL_CA_BUNDLE is unset? Do we need to check the value first or can we > pass it without checking? getenv() returns NULL if the variable is unset. I'm not sure if it would reset the default on other distros, but it makes no difference for Guix since libcurl does not have a default CA bundle and handles NULL here gracefully. I submitted it upstream in hope of getting feedback/testing there, but it was simply merged as-is: I do agree that it's rather crude, will try to improve it a bit. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAln6NKUACgkQoqBt8qM6 VPo0AQgAvSbyaMZiXV3FwNWLc052k+1KYObDE3forKAzKGC7dLtXQMts4/6T3qxb /UQo2ocj4KeKlAyJoOZQFOQRFyusBehcWkvfnWxf7X6J8oRLNOuL/ebPHYVXanPN fhjNl/70InKsx/emV6T5EV9dEQ8oVkAwALMQE2IWXOg0kCCXE03Hpop9qGgGYDHc 8TWBFnaEiWFgwcYK5/w7KfUv1p88e9+gZSiHTZCfZte1LdalRuSERGdvBGORKNw4 Fc5O6iuFmgdz9wORdIHHysib8W1sGveSFoYPCluFj8+gCMl+eV2zwblvY4NvHNWf qaEQatI2/tKcFMLRQZoBkfT5nf5L6g== =wxqf -----END PGP SIGNATURE----- --=-=-=-- From unknown Sat Jun 21 03:29:30 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: ng0 Subject: bug#28948: closed (Re: bug#28948: feh does encounter certificate errors with valid certificates) Message-ID: References: <87lgjkhhuc.fsf@fastmail.com> <20171022203339.qomgp4xm2rqh4zwe@abyayala> X-Gnu-PR-Message: they-closed 28948 X-Gnu-PR-Package: guix Reply-To: 28948@debbugs.gnu.org Date: Sun, 05 Nov 2017 15:22:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1509895322-5142-1" This is a multi-part message in MIME format... ------------=_1509895322-5142-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #28948: feh does encounter certificate errors with valid certificates which was filed against the guix package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 28948@debbugs.gnu.org. --=20 28948: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D28948 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1509895322-5142-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 28948-done) by debbugs.gnu.org; 5 Nov 2017 15:21:20 +0000 Received: from localhost ([127.0.0.1]:52318 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eBMjf-0001K0-MM for submit@debbugs.gnu.org; Sun, 05 Nov 2017 10:21:19 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:42751) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eBMjd-0001Jr-Q1 for 28948-done@debbugs.gnu.org; Sun, 05 Nov 2017 10:21:18 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 3BF4720BB5; Sun, 5 Nov 2017 10:21:17 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute5.internal (MEProxy); Sun, 05 Nov 2017 10:21:17 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=XKwa5sIUY/me6C6QenVRiiWPjd32g5S12rfTka/JNTY=; b=m7q5LQ40 W1AXKN4A5vu3svJ2zI17pQDrdfVfLiIgBl/nxc519jvqakLVGFFWQVyRm0MNa++M SH1m2z2ehC0/63muvJHsMw0H8Q2xJFtPJfeFAC2+Nj+k0Qc+1AlwLq87Q/A3Od6b K7kF0GUxafPIMY3XD5791zxxsknA/fhjiDRhnn869K3cPOWIjtUtVhjS8gFinFKq D9gk4DUCbBlw+plVPQWsWHyuAsPUf3agNfNsgQNCq4Fh7Df3JcnZhkQhD3VsJqJK 8Xw8Y0dVpP4ZyvjlvTV3UDAm85u9vpfjeV5dsP+yvWNiUXi+7V3g/5sIZNIfHCoU OocCuH5SqDBTYA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=XKwa5sIUY/me6C6QenVRiiWPjd32g 5S12rfTka/JNTY=; b=FGU2gdiYnpO+CvqIOnsFdLHr9sG3o0W9MOBfPvG1rmOPs 8A6AqzOnYh8Y4FdaIXRXLNb9OhFwYutxywlLxqhiQNif6fonqtgwocEveXoUahIU 4RaJuDsPHW7qzD+M4N8tHdeDB+KGTnsSTVm9pxCuIS0FeVXO0sn6bdH+442FsX17 JNthGsFXWsWEApr3z/Gj8sjRu+rkm+Pxjt45cA/czqOTcxxdpoEKKTRuFb1i2xdD a3ctGLB4m3z0jY/DPmNfQk2gMl6xyqn390p4wXrQrBc8bd6Nsm7jVhA2X9shOrKa Ta89f3zI7nFlDXanaqNyX6jRNJDehMmLNsQ1akYNQ== X-ME-Sender: Received: from localhost (cm-84.214.173.174.getinternet.no [84.214.173.174]) by mail.messagingengine.com (Postfix) with ESMTPA id C243E7FAA1; Sun, 5 Nov 2017 10:21:16 -0500 (EST) From: Marius Bakke To: Ricardo Wurmus Subject: Re: bug#28948: feh does encounter certificate errors with valid certificates In-Reply-To: <87d1514t3u.fsf@fastmail.com> References: <20171022203339.qomgp4xm2rqh4zwe@abyayala> <87r2tl4iuz.fsf@fastmail.com> <87fua1kqqu.fsf@elephly.net> <87d1514t3u.fsf@fastmail.com> User-Agent: Notmuch/0.25.1 (https://notmuchmail.org) Emacs/25.3.1 (x86_64-pc-linux-gnu) Date: Sun, 05 Nov 2017 16:21:15 +0100 Message-ID: <87lgjkhhuc.fsf@fastmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 28948-done Cc: 28948-done@debbugs.gnu.org, ng0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --=-=-= Content-Type: text/plain Marius Bakke writes: > I submitted it upstream in hope of getting feedback/testing there, but > it was simply merged as-is: > > I do agree that it's rather crude, will try to improve it a bit. Feh 2.22 has been released with this patch, so I pushed the native-search-path update with it. I think we should add the CURL_CA_BUNDLE search path to the "curl" package too so that we can control it on foreign distros (it seems to opportunistically search /etc/ssl/certs), and make libcurl users that implement it inherit from curl using (package-native-search-paths ...). I'll do that on 'core-updates' in a few days if no further comments. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAln/LGsACgkQoqBt8qM6 VPrBaAgAjQcuQzqigM+dAb8lEXY65gnOhVQuvXS2LcbfYHC2LnMVLxAHHP0fEyY6 bfB5Ztw8NHufaMn1iUi9LxNsMvXX1CKhVuJhzi9FJ2x7Nl5CdHqFS4jmNZ4bandk D+BR8WnR6xjlT7Uv2HhR3M+b2ZosS59on0heJztsjih9Q5sHgrSja7RMsQAXiQDG cbjxS2m+1dky07dGox/APmj//Woy+JDPLpo9Q+iYmUOuc8L2pHSb569SEnGCOqh5 JjljVxv1fgK0UO/eWpx1vI1rcx0xZRSM1oAFp6XgrA2iNfKpcgoba5RSZXVU8OS3 TDen0l5ZiEcxfUsNkhVewy+uiuXUlA== =8+wZ -----END PGP SIGNATURE----- --=-=-=-- ------------=_1509895322-5142-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 22 Oct 2017 20:34:50 +0000 Received: from localhost ([127.0.0.1]:56273 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e6MxO-0004TV-FR for submit@debbugs.gnu.org; Sun, 22 Oct 2017 16:34:50 -0400 Received: from eggs.gnu.org ([208.118.235.92]:33564) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1e6MxM-0004TJ-Nu for submit@debbugs.gnu.org; Sun, 22 Oct 2017 16:34:49 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e6MxG-0003rI-NC for submit@debbugs.gnu.org; Sun, 22 Oct 2017 16:34:43 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_20 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:56590) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1e6MxG-0003rA-Jh for submit@debbugs.gnu.org; Sun, 22 Oct 2017 16:34:42 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52745) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e6MxF-0006h7-Fd for bug-guix@gnu.org; Sun, 22 Oct 2017 16:34:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e6MxA-0003oY-JF for bug-guix@gnu.org; Sun, 22 Oct 2017 16:34:41 -0400 Received: from aibo.runbox.com ([91.220.196.211]:36616) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1e6Mwp-0003c3-6R for bug-guix@gnu.org; Sun, 22 Oct 2017 16:34:36 -0400 Received: from [10.9.9.212] (helo=mailfront12.runbox.com) by mailtransmit02.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1e6Mwl-0001yN-U6 for bug-guix@gnu.org; Sun, 22 Oct 2017 22:34:12 +0200 Received: from [109.236.90.209] (helo=localhost) by mailfront12.runbox.com with esmtpsa (uid:892961 ) (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) id 1e6MwI-0002jy-B0 for bug-guix@gnu.org; Sun, 22 Oct 2017 22:33:42 +0200 Date: Sun, 22 Oct 2017 20:33:39 +0000 From: ng0 To: bug-guix@gnu.org Subject: feh does encounter certificate errors with valid certificates Message-ID: <20171022203339.qomgp4xm2rqh4zwe@abyayala> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="lptiavxx24vswkmi" Content-Disposition: inline X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) --lptiavxx24vswkmi Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable feh https://i.imgur.com/263enxT.jpg feh opens image Problem: user@abyayala ~/src/guix/guix$ feh https://i.imgur.com/263enxT.jpg feh WARNING: open url: server certificate verification failed. CAfile: none= CRLfile: none feh WARNING: https://i.imgur.com/263enxT.jpg - File does not exist feh: No loadable images specified. See 'man feh' for detailed usage information nss etc are in my profile, no problem with other curl based applications. --=20 ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://dist.ng0.infotropique.org/dist/keys/ https://www.infotropique.org https://ng0.infotropique.org --lptiavxx24vswkmi Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAlntAKMACgkQ4i+bv+40 hYi7Pg/+IRZi5bgVWsgDd84nSiTGWmC2D8w6Oi4Y7bruX9BdIXMS6nyMbx2wTpBL OJr6Fsl3xkjFSDD2BBkNrlG5eLqraz3igEMNpQ5VzR+RvSwspSNdVnUqHrR/reZM H7/Wr8qkvmN+30utM2yMS3yfRemGWY2Z8vwHE/aKZ2JLUus0Z2AyXTqXiAXeM5SO cB9sGlmKvOCSkhsf2gn/jjlgeLiXKLNBxUHczG4XjRHtNijqgIYZ9m7FeomwmvU1 PCs0UIYD8jAFne2vdaynBX4HP1xVNgdaLO1kGSTV+xmthG6qzG0m4uMRi6EDCLxZ MfLQ2aqKNG05I02rQoTKr4nib5r0K+xCKMlTnjRPL/8ODySwmwQc7+0oLJOZdUcb 9XpqO9eD7vrSqK41c6uTgl6AQc3E9NPrlsyDVN9KkcG8KODM0xnGQBl1+qyutrDJ 0NXvrfUfaJuH1/ncuBvA6SuAAuOxM6yGjrgmf9Xtksq6M/RL9BvvDmBuPiBr1Vb5 iy9fNK8xmBv89z958jnGO92PvksCwqvBkA/9fRv5k1mEu7DU4vScGcPysTDSXc5f 7COj60Iqz9jde4gXnymI/RetbEoxoXxEdCfz6Ez3bDsqLbGb8wQYf5kpky/2wyqS 941n2maJgY+EVmI8wtdYPHlyunvphb2ZMefkbjDnXbfxQAwuKz8= =S0n8 -----END PGP SIGNATURE----- --lptiavxx24vswkmi-- ------------=_1509895322-5142-1-- From unknown Sat Jun 21 03:29:30 2025 X-Loop: help-debbugs@gnu.org Subject: bug#28948: feh does encounter certificate errors with valid certificates Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 05 Nov 2017 16:15:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 28948 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 28948@debbugs.gnu.org Cc: mbakke@fastmail.com, ng0@infotropique.org Received: via spool by 28948-submit@debbugs.gnu.org id=B28948.150989845210632 (code B ref 28948); Sun, 05 Nov 2017 16:15:02 +0000 Received: (at 28948) by debbugs.gnu.org; 5 Nov 2017 16:14:12 +0000 Received: from localhost ([127.0.0.1]:52406 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eBNYp-0002lQ-T0 for submit@debbugs.gnu.org; Sun, 05 Nov 2017 11:14:12 -0500 Received: from hera.aquilenet.fr ([141.255.128.1]:60371) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eBNYo-0002lI-GD for 28948@debbugs.gnu.org; Sun, 05 Nov 2017 11:14:10 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 6AF84EC6C; Sun, 5 Nov 2017 17:14:11 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZTwHSl2VTeLP; Sun, 5 Nov 2017 17:14:10 +0100 (CET) Received: from ribbon (unknown [IPv6:2a01:e0a:1d:7270:af76:b9b:ca24:c465]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 5FAB1E993; Sun, 5 Nov 2017 17:14:10 +0100 (CET) From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <20171022203339.qomgp4xm2rqh4zwe@abyayala> <87r2tl4iuz.fsf@fastmail.com> <87fua1kqqu.fsf@elephly.net> <87d1514t3u.fsf@fastmail.com> <87lgjkhhuc.fsf@fastmail.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 15 Brumaire an 226 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Sun, 05 Nov 2017 17:14:07 +0100 In-Reply-To: <87lgjkhhuc.fsf@fastmail.com> (Marius Bakke's message of "Sun, 05 Nov 2017 16:21:15 +0100") Message-ID: <87tvy8pusw.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) Marius Bakke skribis: > Marius Bakke writes: > >> I submitted it upstream in hope of getting feedback/testing there, but >> it was simply merged as-is: >> >> I do agree that it's rather crude, will try to improve it a bit. > > Feh 2.22 has been released with this patch, so I pushed the > native-search-path update with it. Neat. > I think we should add the CURL_CA_BUNDLE search path to the "curl" > package too so that we can control it on foreign distros (it seems to > opportunistically search /etc/ssl/certs), and make libcurl users that > implement it inherit from curl using (package-native-search-paths ...). > > I'll do that on 'core-updates' in a few days if no further comments. Sounds good! Not entirely sure about duplicating the =E2=80=98native-search-paths=E2=80= =99 in all the users of libcurl: it=E2=80=99s inelegant, but OTOH it solves the problem, so it=E2=80=99s definitely an improvement. Thank you, Ludo=E2=80=99.