R: server certificate verification failed.

Hi,

while trying to run a simple R script on my guix server, I stumbled upon

a problem with HTTPS and R. It's nothing urgent...

reproducer.R

library(jsonlite)

library(tidyverse)

library(lubridate)

api_parking <- "https://guix.gnu.org/packages.json"

parking.raw <- fromJSON(api_parking, simplifyDataFrame = TRUE)

$ R CMD BATCH reproducer.R

[...]

?? Attaching packages ??????????????????????????????????????? tidyverse

1.3.0 ??

? ggplot2 3.3.0 ? purrr 0.3.3

? tibble 2.1.3 ? dplyr 0.8.5

? tidyr 1.0.2 ? stringr 1.4.0

? readr 1.3.1 ? forcats 0.5.0

?? Conflicts ??????????????????????????????????????????

tidyverse_conflicts() ??

? dplyr::filter() masks stats::filter()

? purrr::flatten() masks jsonlite::flatten()

? dplyr::lag() masks stats::lag()

Attaching package: ‘lubridate’

The following object is masked from ‘package:base’:

date

Error in open.connection(con, "rb") :

server certificate verification failed. CAfile: none CRLfile: none

Calls: fromJSON ... parse_and_simplify -> parseJSON -> parse_con -> open

-> open.connection

Execution halted

For the record my SSL/HTTPS related variables.

$ echo $SSL_CERT_DIR

/etc/ssl/certs

echo $SSL_CERT_FILE

/etc/ssl/certs/ca-certificates.crt

echo $CURL_CA_BUNDLE

/run/current-system/profile/etc/ssl/certs/ca-certificates.crt

All required packages (r, r-*, nss-certs) are installed system wide.

Regards Jonathan

Jonathan Brielmaier <jonathan.brielmaier@web.de> writes:

This is due to a change in r-curl. We patched it to respect the

CURL_CA_BUNDLE environment variable, not just when it’s used on Windows.

The code has changed since we developed the patch. Now the

CURLOPT_CAINFO option is only set (in

curl/src/handle.c:set_handle_defaults) when _WIN32 is defined and when

tlsinfo->backend == CURLSSLBACKEND_OPENSSL. Neither of these cases

apply for Guix.

I’ve adjusted the patch in r-curl.

Thank you for the report!

--

Ricardo