GNU bug report logs -
#75902
guile-gnutls does not set up search paths for the certificates
Previous Next
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
When trying to use (web client) Guile module, one gets the following
error:
--8<---------------cut here---------------start------------->8---
$ guix shell -CN guile guile-gnutls nss-certs -- guile -c '((@ (web client) http-get) "https://gnu.org")'
Backtrace:
In ice-9/boot-9.scm:
1752:10 7 (with-exception-handler _ _ #:unwind? _ # _)
In unknown file:
6 (apply-smob/0 #<thunk 7f625f6c1300>)
In ice-9/boot-9.scm:
724:2 5 (call-with-prompt _ _ #<procedure default-prompt-handle?>)
In ice-9/eval.scm:
619:8 4 (_ #(#(#<directory (guile-user) 7f625f6c4c80>)))
In ice-9/command-line.scm:
185:19 3 (_ #<input: string 7f625f6be850>)
In unknown file:
2 (eval ((@ (web client) http-get) "https://gnu.org") #<d?>)
In web/client.scm:
576:0 1 (http-get "https://gnu.org" #:body _ # _ #:port _ # #<?> ?)
286:6 0 (tls-wrap #<closed: file 7f6256da2c40> _ # _)
web/client.scm:286:6: In procedure tls-wrap:
X.509 certificate of 'gnu.org' could not be verified:
signer-not-found invalid
--8<---------------cut here---------------end--------------->8---
It seems that guile-gnutls fails to find the certificates, which is
unexpected. Adding `curl' into the list of packages works around the
problem:
--8<---------------cut here---------------start------------->8---
$ guix shell -CN guile guile-gnutls nss-certs curl -- guile -c '((@ (web client) http-get) "https://gnu.org")'
--8<---------------cut here---------------end--------------->8---
We can see the difference boils down to different search paths:
--8<---------------cut here---------------start------------->8---
$ guix shell -CN guile guile-gnutls nss-certs --search-paths
export PATH="/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/bin${PATH:+:}$PATH"
export GUILE_LOAD_PATH="/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/share/guile/site/3.0${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH"
export GUILE_LOAD_COMPILED_PATH="/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/lib/guile/3.0/site-ccache:/gnu/store/gg2qybb41rpcl0fs4ay98s2q3m2mcbyz-profile/share/guile/site/3.0${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOAD_COMPILED_PATH"
--8<---------------cut here---------------end--------------->8---
and
--8<---------------cut here---------------start------------->8---
$ guix shell -CN guile guile-gnutls nss-certs curl --search-paths
export PATH="/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/bin${PATH:+:}$PATH"
export SSL_CERT_DIR="/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/etc/ssl/certs"
export SSL_CERT_FILE="/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/etc/ssl/certs/ca-certificates.crt"
export CURL_CA_BUNDLE="/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/etc/ssl/certs/ca-certificates.crt"
export GUILE_LOAD_PATH="/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/share/guile/site/3.0${GUILE_LOAD_PATH:+:}$GUILE_LOAD_PATH"
export GUILE_LOAD_COMPILED_PATH="/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/lib/guile/3.0/site-ccache:/gnu/store/6zbi90idpfww3y4k7bcnm38lwilnxiql-profile/share/guile/site/3.0${GUILE_LOAD_COMPILED_PATH:+:}$GUILE_LOAD_COMPILED_PATH"
--8<---------------cut here---------------end--------------->8---
I think guile-gnutls should also declare the SSL_* variables, since it
needs the certificates for vast majority of things one could want to do
with it..
Have a nice day,
Tomas
--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 90 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.