GNU bug report logs -
#61557
vdirsyncer fails to verify certificates
Previous Next
Full log
Message #24 received at 61557 <at> debbugs.gnu.org (full text, mbox):
(Pardon the delay, for some reason I do not get email notifications
for this bug.)
I had read the X.509 Certificates section of the manual, but since my
certificates ARE in the default location of /etc/ssl/certs, and
vdirsyncer had previously worked, for some reason I did not dig into
it deeply enough, or perhaps I attempted to set it up wrongly at some
point in the past.
Setting SSL_CERT_DIR=/etc/ssl/certs in my environment fixes the
vdirsyncer package, and it syncs correctly.
I have also discovered that python aiohttp will correctly verify
certificates WITHOUT this environment variable with:
guix shell -P -C -N python python-aiohttp nss-certs openssl
Leaving out EITHER nss-certs OR openssl causes aiohttp to exhibit the
same behavior as vdirsyncer.
However, including both of these packages in the same (foreign distro)
profile that includes vdirsyncer does NOT cause vdirsyncer to
correctly verify certificates.
I am not sure what this means for this bug; certainly the change from
"working without extra configuration" to "broken without extra
configuration" is a regression in user experience, but it may be that
it is working as intended. It seems to me that the principle of least
astonishment for foreign distro users would suggest that python
aiohttp defaults to loading /etc/ssl/certs from the foreign distro, if
present.
This bug report was last modified 2 years and 84 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.