GNU bug report logs -
#61557
vdirsyncer fails to verify certificates
Previous Next
Full log
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Package: vdirsyncer
Version: 0.19.0
I am using Guix on a foreign distro of Debian GNU/Linux 11 (bullseye).
I have the following manifest installed in particular profile:
(specifications->manifest
(list "go"
"sbcl"
"khal"
"mutt"
"nss-certs"
"protobuf"
"vdirsyncer"))
Since vdirsyncer updated to 0.19.0, I cannot sync with any remote host
using CalDAV or HTTPS iCalendar files. This is reproducible with my
private servers, Microsoft Outlook 365 calendars, Google Calendars,
and others. I have moset recently verified it with Guix 312f1f4 and a
vdirsyncer producing
/gnu/store/9aa2bj3likla61zqbsim1a1c99k3jk93-vdirsyncer-0.19.0 (I don't
know how to give a more precise or useful install, please let me know
if I should, and how I would), but I have narrowed the breaking change
down to Guix revision f635f725778f86abaa77f674f8f670f74bffd7be.
Revision ed18b697c4783f139e23731f5bd0b0ed197997bb, which is vdirsyncer
0.18.0, works as expected.
The lightly redacted error that vdirsyncer produces is:
error: Unknown error occurred for [config entry]/calendarname: Cannot connect to host cloud.kb8ojh.net:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate
(_ssl.c:1129)')]
An example configuration that causes this is:
[storage samplecalendar_public]
type = "http"
url = "https://calendar.google.com/calendar/ical/[redacted]group.calendar.google.com/public/basic.ics"
[storage localcalendar_public]
type = "filesystem"
path = "~/.calendars/public"
fileext = ".ics"
[pair public_calendar]
a = "samplecalendar_public"
b = "localcalendar public"
collections = [ "from a" ]
It appears that the root cause is in Python aiohttp, as starting the
python3 interpreter invoked by the vdirsyncer binary in the installed
profile with the GUIX_PYTHONPATH provided, then attempting to fetch an
HTTPS URL using aiohttp, will fail with an SSL error. I cannot tell
if the root configuration problem is in vdirsyncer and its
dependencies or in aiohttp, so I am reporting it against vdirsyncer,
which I can confirm is broken.
I have tried installing various certificate packages and other
packages that seemed like they might be related (such as nss-certs,
nss itself, gnutls, etc.), but not found anything that seemed to
resolve the issue.
This bug that I have reported upstream is related, but I think the
problem is with the Guix packaging and/or dependencies, not with
vdirsyncer itself:
https://github.com/pimutils/vdirsyncer/issues/1034
Ethan
This bug report was last modified 2 years and 84 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.