From unknown Wed Jun 18 23:10:34 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#37371 <37371@debbugs.gnu.org> To: bug#37371 <37371@debbugs.gnu.org> Subject: Status: =?UTF-8?Q?CMake=E2=80=99s_?= =?UTF-8?Q?=E2=80=9Cctest=E2=80=9D_?= =?UTF-8?Q?doesn=E2=80=99t?= know about X.509 certificates Reply-To: bug#37371 <37371@debbugs.gnu.org> Date: Thu, 19 Jun 2025 06:10:34 +0000 retitle 37371 CMake=E2=80=99s =E2=80=9Cctest=E2=80=9D doesn=E2=80=99t know = about X.509 certificates reassign 37371 guix submitter 37371 Ludovic Court=C3=A8s severity 37371 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Tue Sep 10 11:37:57 2019 Received: (at submit) by debbugs.gnu.org; 10 Sep 2019 15:37:57 +0000 Received: from localhost ([127.0.0.1]:41591 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i7iDM-0000if-Jr for submit@debbugs.gnu.org; Tue, 10 Sep 2019 11:37:56 -0400 Received: from lists.gnu.org ([209.51.188.17]:50885) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i7iDJ-0000iW-GZ for submit@debbugs.gnu.org; Tue, 10 Sep 2019 11:37:55 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:35632) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i7iDI-00017o-Aq for bug-Guix@gnu.org; Tue, 10 Sep 2019 11:37:53 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_HI autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i7iDF-00035M-VC for bug-Guix@gnu.org; Tue, 10 Sep 2019 11:37:51 -0400 Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:45099) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i7iDE-00032j-3a for bug-Guix@gnu.org; Tue, 10 Sep 2019 11:37:49 -0400 X-IronPort-AV: E=Sophos;i="5.64,489,1559512800"; d="scan'208";a="401113700" Received: from unknown (HELO ribbon) ([193.50.110.86]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/AES256-GCM-SHA384; 10 Sep 2019 17:37:43 +0200 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: bug-Guix@gnu.org Subject: =?utf-8?B?Q01ha2XigJlzIOKAnGN0ZXN04oCdIGRvZXNu4oCZdA==?= know about X.509 certificates X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 24 Fructidor an 227 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 10 Sep 2019 17:37:43 +0200 Message-ID: <87tv9k17so.fsf@inria.fr> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 192.134.164.83 X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) Hello, The =E2=80=98ctest=E2=80=99 command uses libcurl to submit reports to CDash= servers. However, it does not =E2=80=9Cgetenv=E2=80=9D anything related to CA certs,= and it does not either look at /etc/ssl/certs. The culprit is this function: --8<---------------cut here---------------start------------->8--- std::string cmCurlSetCAInfo(::CURL* curl, const char* cafile) { std::string e; if (cafile && *cafile) { ::CURLcode res =3D ::curl_easy_setopt(curl, CURLOPT_CAINFO, cafile); check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: "); } #ifdef CMAKE_FIND_CAFILE # define CMAKE_CAFILE_FEDORA "/etc/pki/tls/certs/ca-bundle.crt" else if (cmSystemTools::FileExists(CMAKE_CAFILE_FEDORA, true)) { ::CURLcode res =3D ::curl_easy_setopt(curl, CURLOPT_CAINFO, CMAKE_CAFILE_FEDORA); check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: "); } # undef CMAKE_CAFILE_FEDORA else { # define CMAKE_CAFILE_COMMON "/etc/ssl/certs/ca-certificates.crt" if (cmSystemTools::FileExists(CMAKE_CAFILE_COMMON, true)) { ::CURLcode res =3D ::curl_easy_setopt(curl, CURLOPT_CAINFO, CMAKE_CAFILE_COMMON); check_curl_result(res, "Unable to set TLS/SSL Verify CAINFO: "); } # undef CMAKE_CAFILE_COMMON # define CMAKE_CAPATH_COMMON "/etc/ssl/certs" if (cmSystemTools::FileIsDirectory(CMAKE_CAPATH_COMMON)) { ::CURLcode res =3D ::curl_easy_setopt(curl, CURLOPT_CAPATH, CMAKE_CAPATH_COMMON); check_curl_result(res, "Unable to set TLS/SSL Verify CAPATH: "); } # undef CMAKE_CAPATH_COMMON } #endif return e; } --8<---------------cut here---------------end--------------->8--- The problem is that =E2=80=98CMAKE_FIND_CAFILE=E2=80=99 is undefined in our= case: --8<---------------cut here---------------start------------->8--- #if !defined(CMAKE_USE_SYSTEM_CURL) && !defined(_WIN32) && = \ !defined(__APPLE__) && !defined(CURL_CA_BUNDLE) && !defined(CURL_CA_PATH) # define CMAKE_FIND_CAFILE # include "cmSystemTools.h" #endif --8<---------------cut here---------------end--------------->8--- Thus it doesn=E2=80=99t look for certificates *at all*, and eventually fails with: --8<---------------cut here---------------start------------->8--- Error when uploading file: =E2=80=A6 Error message was: server certificate verification failed. CAfile: none = CRLfile: none Problems when submitting via HTTP Errors while running CTest --8<---------------cut here---------------end--------------->8--- For now I propose to provide a patched =E2=80=98cmake=E2=80=99 package that= does the right thing. On #guix, Tobias also rightfully suggested adding a =E2=80=98getenv=E2=80= =99 call directly in libcurl, which may be the better long-term solution (though it=E2=80=99s unclear whether that could interfere with application logic.) Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Tue Sep 10 12:35:13 2019 Received: (at 37371) by debbugs.gnu.org; 10 Sep 2019 16:35:13 +0000 Received: from localhost ([127.0.0.1]:41656 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i7j6n-0002X6-AT for submit@debbugs.gnu.org; Tue, 10 Sep 2019 12:35:13 -0400 Received: from sender4-of-o53.zoho.com ([136.143.188.53]:21305) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i7j6k-0002Wu-UQ for 37371@debbugs.gnu.org; Tue, 10 Sep 2019 12:35:12 -0400 ARC-Seal: i=1; a=rsa-sha256; t=1568133308; cv=none; d=zoho.com; s=zohoarc; b=RfRvw8uJEzKcFFBgIdf6U0nnktKdpw+9zbBn/kAdkZuwB/jfXUumz0DDvzoTj3Iz3LDfzc25uQBYiM3tj8h4ja8uba9GIJW5PpEgiag8kBobiwE15W4up/00vFz42P91891WEVWzs3RKJM7IwvXk6zeGukq04jNNnsFDEf0yGN4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1568133308; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To:ARC-Authentication-Results; bh=yhVhNfxEVMPeHUzyFOT0JT1ADYoanLmJBZiL60urvXs=; b=NMULfYJUg+u0dppKhpBDXr7LMU+6r/JU3qXkZeJZd3uq/5soIkawWYYKds8nA5NDwPbZ2KiHIPmPoxmu5pay1wujJZDJhSYjUPZlw6DZvxaLylkxbzcsRxMo62BioEu8hE7iOHuylj3CYmr7KoDihhJG65h4LQ1Ssie8xP/VzYg= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=pass header.i=elephly.net; spf=pass smtp.mailfrom=rekado@elephly.net; dmarc=pass header.from= header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1568133308; s=zoho; d=elephly.net; i=rekado@elephly.net; h=References:From:To:Subject:In-reply-to:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding; l=1088; bh=yhVhNfxEVMPeHUzyFOT0JT1ADYoanLmJBZiL60urvXs=; b=RgMGYkUODL9H9tCoV4dk9Vu4E9F9CqkwdQVAD6Xl+QUaJK0ulueyNX9Kynx8VqtU O4oXtsjEEFrJNoOdvJrmrJccqMjrDu5GsBXeWZOLb/dprfczvSCpaaO50XMvx3qEFBd LbIkk+KmPdUSUB0K+1haRj/ebZjXZi8SjUSyEDBg= Received: from localhost (p54AD4ECE.dip0.t-ipconnect.de [84.173.78.206]) by mx.zohomail.com with SMTPS id 1568133308228598.5000239037118; Tue, 10 Sep 2019 09:35:08 -0700 (PDT) References: <87tv9k17so.fsf@inria.fr> User-agent: mu4e 1.2.0; emacs 26.2 From: Ricardo Wurmus To: 37371@debbugs.gnu.org Subject: Re: bug#37371: =?utf-8?B?Q01ha2XigJlzIOKAnGN0ZXN04oCdIGRvZXNu4oCZ?= =?utf-8?B?dA==?= know about X.509 certificates In-reply-to: <87tv9k17so.fsf@inria.fr> X-URL: https://elephly.net X-PGP-Key: https://elephly.net/rekado.pubkey X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC Date: Tue, 10 Sep 2019 18:35:03 +0200 Message-ID: <877e6gqfd4.fsf@elephly.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-ZohoMailClient: External X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 37371 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Ludovic Court=C3=A8s writes: > The =E2=80=98ctest=E2=80=99 command uses libcurl to submit reports to CDa= sh servers. > However, it does not =E2=80=9Cgetenv=E2=80=9D anything related to CA cert= s, and it does > not either look at /etc/ssl/certs. [=E2=80=A6] > > For now I propose to provide a patched =E2=80=98cmake=E2=80=99 package th= at does the > right thing. This is the correct way, in my opinion. The user of libcurl is supposed to handle environment variable lookup. > On #guix, Tobias also rightfully suggested adding a =E2=80=98getenv=E2=80= =99 call > directly in libcurl, which may be the better long-term solution (though > it=E2=80=99s unclear whether that could interfere with application logic.) This idea has been around for a pretty long time. I don=E2=80=99t really l= ike it, but it would solve so many problems where users of libcurl don=E2=80=99= t do env var lookups and fall back to the default, which is not guaranteed to exist when using Guix on foreign distros or even on Guix System. -- Ricardo From debbugs-submit-bounces@debbugs.gnu.org Tue Sep 10 13:05:24 2019 Received: (at 37371) by debbugs.gnu.org; 10 Sep 2019 17:05:24 +0000 Received: from localhost ([127.0.0.1]:41667 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i7ja0-0003UQ-3Y for submit@debbugs.gnu.org; Tue, 10 Sep 2019 13:05:24 -0400 Received: from tobias.gr ([80.241.217.52]:35096) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i7jZy-0003UG-6D for 37371@debbugs.gnu.org; Tue, 10 Sep 2019 13:05:22 -0400 Received: by tobias.gr (OpenSMTPD) with ESMTP id 56107b1e; Tue, 10 Sep 2019 17:05:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=tobias.gr; h=from:to:cc :subject:references:in-reply-to:date:message-id:mime-version :content-type; s=2018; i=me@tobias.gr; bh=gT65ePiI11+w5GSoc4UaIL puoqH4ko4qVm59wHpFlLA=; b=VSRd8OeiZWO+OnRRPNHWJnID2SfGzEGbdmBm9c nn62LdffGg7T8KDiHPdveoVDRd+c+Rf2J8kLa2DlLSOghZYFjGlDiTrny1jwHKdD pRyRLW7dRuf0bi9vav6HGrotL/QPQAxzqp43jLhPDML4frfekO0+bsQpOHSQGDua 4nuMJSXsgH1EbNFqfTWO2tcLC5E4+Pu6jwZokuYnVbSE3JSdZLBwqQRHn0P8tKmt nATza9bxYa9jbE4EIIoPxplN4CMaSCMzi1o1MZmOAQwl9hr+dczMRXXN1C5vqbkW XN3VwjwALee1Iz/9Ew1xYZq/2qZB/IseaODWlNlq8RTqwjug== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 2d162804 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Tue, 10 Sep 2019 17:05:19 +0000 (UTC) From: Tobias Geerinckx-Rice To: Ricardo Wurmus Subject: Re: bug#37371: =?utf-8?B?Q01ha2XigJlzIOKAnGN0ZXN04oCdIGRvZXNu4oCZ?= =?utf-8?B?dA==?= know about X.509 certificates References: <87tv9k17so.fsf@inria.fr> <877e6gqfd4.fsf@elephly.net> In-reply-to: <877e6gqfd4.fsf@elephly.net> Date: Tue, 10 Sep 2019 19:05:18 +0200 Message-ID: <87v9u0cca9.fsf@nckx> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 37371 Cc: 37371@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Ricardo, Ricardo Wurmus =E5=86=99=E9=81=93=EF=BC=9A > This is the correct way, in my opinion. The user of libcurl is=20 > supposed > to handle environment variable lookup. I'm aware of this, but it seems like some users don't do this. >> On #guix, Tobias also rightfully suggested adding a =E2=80=98getenv=E2= =80=99=20 >> call >> directly in libcurl, which may be the better long-term solution=20 >> (though >> it=E2=80=99s unclear whether that could interfere with application=20 >> logic.) > > This idea has been around for a pretty long time. I don=E2=80=99t=20 > really like > it, but it would solve so many problems where users of libcurl=20 > don=E2=80=99t do > env var lookups and fall back to the default, which is not=20 > guaranteed to > exist when using Guix on foreign distros or even on Guix System. Yeah, I explicitly said it was evil ;-) I don't =E2=80=98like=E2=80=99 it either, but don't know enough about libcu= rl to=20 think of a better solution. Kind regards, T G-R --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQT12iAyS4c9C3o4dnINsP+IT1VteQUCXXfXzgAKCRANsP+IT1Vt eegSAQDfSbev5GENWnSNMNV2h2IMPs8QvROx4yuJfcpA7tR4agEA9snV+VtXxvwq IHjm2FGjoQkJTBn8YMRTFWwxbFi+rQA= =lJGc -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Tue Sep 10 18:13:34 2019 Received: (at 37371-done) by debbugs.gnu.org; 10 Sep 2019 22:13:35 +0000 Received: from localhost ([127.0.0.1]:41796 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i7oOE-0006JR-LT for submit@debbugs.gnu.org; Tue, 10 Sep 2019 18:13:34 -0400 Received: from eggs.gnu.org ([209.51.188.92]:48584) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i7oOB-0006JD-W9 for 37371-done@debbugs.gnu.org; Tue, 10 Sep 2019 18:13:33 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:35149) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1i7oO6-0006qh-Ew; Tue, 10 Sep 2019 18:13:26 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=54878 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1i7oO6-00035m-2g; Tue, 10 Sep 2019 18:13:26 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Tobias Geerinckx-Rice Subject: Re: bug#37371: =?utf-8?B?Q01ha2XigJlzIOKAnGN0ZXN04oCdIGRvZXNu4oCZ?= =?utf-8?B?dA==?= know about X.509 certificates References: <87tv9k17so.fsf@inria.fr> <877e6gqfd4.fsf@elephly.net> <87v9u0cca9.fsf@nckx> Date: Wed, 11 Sep 2019 00:13:24 +0200 In-Reply-To: <87v9u0cca9.fsf@nckx> (Tobias Geerinckx-Rice's message of "Tue, 10 Sep 2019 19:05:18 +0200") Message-ID: <87pnk7yf3v.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 37371-done Cc: Ricardo Wurmus , 37371-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hello, Tobias Geerinckx-Rice skribis: > Ricardo Wurmus =E5=86=99=E9=81=93=EF=BC=9A >> This is the correct way, in my opinion. The user of libcurl is >> supposed >> to handle environment variable lookup. > > I'm aware of this, but it seems like some users don't do this. I=E2=80=99ve pushed this as 489d16577e4a6ccc30f3719d9263900089edd842. We can revisit the libcurl issue later on (as we regularly do :-)). Thanks for your feedback, Ludo=E2=80=99. From unknown Wed Jun 18 23:10:34 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Wed, 09 Oct 2019 11:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator