GNU bug report logs - #40262
R: server certificate verification failed.

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ricardo Wurmus <rekado <at> elephly.net>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#40262: closed (R: server certificate verification failed.)
Date: Fri, 27 Mar 2020 22:40:01 +0000

[Message part 1 (text/plain, inline)]

Your message dated Fri, 27 Mar 2020 23:39:25 +0100
with message-id <87a741xw0y.fsf <at> elephly.net>
and subject line Re: bug#40262: R: server certificate verification failed.
has caused the debbugs.gnu.org bug report #40262,
regarding R: server certificate verification failed.
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
40262: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=40262
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Jonathan Brielmaier <jonathan.brielmaier <at> web.de>
To: bug-guix <at> gnu.org
Subject: R: server certificate verification failed.
Date: Fri, 27 Mar 2020 22:56:55 +0100

Hi,

while trying to run a simple R script on my guix server, I stumbled upon
a problem with HTTPS and R. It's nothing urgent...

reproducer.R
library(jsonlite)
library(tidyverse)
library(lubridate)
api_parking <- "https://guix.gnu.org/packages.json"
parking.raw <- fromJSON(api_parking, simplifyDataFrame = TRUE)

$ R CMD BATCH reproducer.R
[...]
> library(jsonlite)
> library(tidyverse)
── Attaching packages ─────────────────────────────────────── tidyverse
1.3.0 ──
✔ ggplot2 3.3.0     ✔ purrr   0.3.3
✔ tibble  2.1.3     ✔ dplyr   0.8.5
✔ tidyr   1.0.2     ✔ stringr 1.4.0
✔ readr   1.3.1     ✔ forcats 0.5.0
── Conflicts ──────────────────────────────────────────
tidyverse_conflicts() ──
✖ dplyr::filter()  masks stats::filter()
✖ purrr::flatten() masks jsonlite::flatten()
✖ dplyr::lag()     masks stats::lag()
> library(lubridate)

Attaching package: ‘lubridate’

The following object is masked from ‘package:base’:

    date

> api_parking <- "https://guix.gnu.org/packages.json"
> parking.raw <- fromJSON(api_parking, simplifyDataFrame = TRUE)
Error in open.connection(con, "rb") :
  server certificate verification failed. CAfile: none CRLfile: none
Calls: fromJSON ... parse_and_simplify -> parseJSON -> parse_con -> open
-> open.connection
Execution halted

For the record my SSL/HTTPS related variables.
$ echo $SSL_CERT_DIR
/etc/ssl/certs
echo $SSL_CERT_FILE
/etc/ssl/certs/ca-certificates.crt
echo $CURL_CA_BUNDLE
/run/current-system/profile/etc/ssl/certs/ca-certificates.crt

All required packages (r, r-*, nss-certs) are installed system wide.

Regards Jonathan

[Message part 3 (message/rfc822, inline)]

From: Ricardo Wurmus <rekado <at> elephly.net>
To: Jonathan Brielmaier <jonathan.brielmaier <at> web.de>
Cc: 40262-done <at> debbugs.gnu.org
Subject: Re: bug#40262: R: server certificate verification failed.
Date: Fri, 27 Mar 2020 23:39:25 +0100

Jonathan Brielmaier <jonathan.brielmaier <at> web.de> writes:

> Error in open.connection(con, "rb") :
>   server certificate verification failed. CAfile: none CRLfile: none

This is due to a change in r-curl.  We patched it to respect the
CURL_CA_BUNDLE environment variable, not just when it’s used on Windows.
The code has changed since we developed the patch.  Now the
CURLOPT_CAINFO option is only set (in
curl/src/handle.c:set_handle_defaults) when _WIN32 is defined and when
tlsinfo->backend == CURLSSLBACKEND_OPENSSL.  Neither of these cases
apply for Guix.

I’ve adjusted the patch in r-curl.

Thank you for the report!

--
Ricardo

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.