GNU bug report logs - #40262
R: server certificate verification failed.

Previous Next

Package: guix;

Reported by: Jonathan Brielmaier <jonathan.brielmaier <at> web.de>

Date: Fri, 27 Mar 2020 21:58:01 UTC

Severity: normal

Done: Ricardo Wurmus <rekado <at> elephly.net>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Jonathan Brielmaier <jonathan.brielmaier <at> web.de>
Subject: bug#40262: closed (Re: bug#40262: R: server certificate
 verification failed.)
Date: Fri, 27 Mar 2020 22:40:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#40262: R: server certificate verification failed.

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 40262 <at> debbugs.gnu.org.

-- 
40262: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=40262
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Ricardo Wurmus <rekado <at> elephly.net>
To: Jonathan Brielmaier <jonathan.brielmaier <at> web.de>
Cc: 40262-done <at> debbugs.gnu.org
Subject: Re: bug#40262: R: server certificate verification failed.
Date: Fri, 27 Mar 2020 23:39:25 +0100

Jonathan Brielmaier <jonathan.brielmaier <at> web.de> writes:

> Error in open.connection(con, "rb") :
>   server certificate verification failed. CAfile: none CRLfile: none

This is due to a change in r-curl.  We patched it to respect the
CURL_CA_BUNDLE environment variable, not just when it’s used on Windows.
The code has changed since we developed the patch.  Now the
CURLOPT_CAINFO option is only set (in
curl/src/handle.c:set_handle_defaults) when _WIN32 is defined and when
tlsinfo->backend == CURLSSLBACKEND_OPENSSL.  Neither of these cases
apply for Guix.

I’ve adjusted the patch in r-curl.

Thank you for the report!

--
Ricardo


[Message part 3 (message/rfc822, inline)]
From: Jonathan Brielmaier <jonathan.brielmaier <at> web.de>
To: bug-guix <at> gnu.org
Subject: R: server certificate verification failed.
Date: Fri, 27 Mar 2020 22:56:55 +0100

Hi,

while trying to run a simple R script on my guix server, I stumbled upon
a problem with HTTPS and R. It's nothing urgent...

reproducer.R
library(jsonlite)
library(tidyverse)
library(lubridate)
api_parking <- "https://guix.gnu.org/packages.json"
parking.raw <- fromJSON(api_parking, simplifyDataFrame = TRUE)

$ R CMD BATCH reproducer.R
[...]
> library(jsonlite)
> library(tidyverse)
── Attaching packages ─────────────────────────────────────── tidyverse
1.3.0 ──
✔ ggplot2 3.3.0     ✔ purrr   0.3.3
✔ tibble  2.1.3     ✔ dplyr   0.8.5
✔ tidyr   1.0.2     ✔ stringr 1.4.0
✔ readr   1.3.1     ✔ forcats 0.5.0
── Conflicts ──────────────────────────────────────────
tidyverse_conflicts() ──
✖ dplyr::filter()  masks stats::filter()
✖ purrr::flatten() masks jsonlite::flatten()
✖ dplyr::lag()     masks stats::lag()
> library(lubridate)

Attaching package: ‘lubridate’

The following object is masked from ‘package:base’:

    date

> api_parking <- "https://guix.gnu.org/packages.json"
> parking.raw <- fromJSON(api_parking, simplifyDataFrame = TRUE)
Error in open.connection(con, "rb") :
  server certificate verification failed. CAfile: none CRLfile: none
Calls: fromJSON ... parse_and_simplify -> parseJSON -> parse_con -> open
-> open.connection
Execution halted

For the record my SSL/HTTPS related variables.
$ echo $SSL_CERT_DIR
/etc/ssl/certs
echo $SSL_CERT_FILE
/etc/ssl/certs/ca-certificates.crt
echo $CURL_CA_BUNDLE
/run/current-system/profile/etc/ssl/certs/ca-certificates.crt

All required packages (r, r-*, nss-certs) are installed system wide.

Regards Jonathan
This bug report was last modified 5 years and 111 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.