R: server certificate verification failed.

Jonathan Brielmaier wrote 5 years ago

Recipients:(address . bug-guix@gnu.org)

Message-ID:aaf92d30-4f45-1939-7e59-759143f93609@web.de

Hi,

while trying to run a simple R script on my guix server, I stumbled upon

a problem with HTTPS and R. It's nothing urgent...

reproducer.R

library(jsonlite)

library(tidyverse)

library(lubridate)

api_parking <- "https://guix.gnu.org/packages.json"

parking.raw <- fromJSON(api_parking, simplifyDataFrame = TRUE)

$ R CMD BATCH reproducer.R

[...]

Toggle quote (2 lines)

> library(jsonlite)

> library(tidyverse)

── Attaching packages ─────────────────────────────────────── tidyverse
1.3.0 ──
✔ ggplot2 3.3.0     ✔ purrr   0.3.3
✔ tibble  2.1.3     ✔ dplyr   0.8.5
✔ tidyr   1.0.2     ✔ stringr 1.4.0
✔ readr   1.3.1     ✔ forcats 0.5.0
── Conflicts ──────────────────────────────────────────
tidyverse_conflicts() ──
✖ dplyr::filter()  masks stats::filter()
✖ purrr::flatten() masks jsonlite::flatten()
✖ dplyr::lag()     masks stats::lag()

Toggle quote (2 lines)

> library(lubridate)

Attaching package: ‘lubridate’

The following object is masked from ‘package:base’:

date

Toggle quote (2 lines)

> api_parking <- "https://guix.gnu.org/packages.json"

> parking.raw <- fromJSON(api_parking, simplifyDataFrame = TRUE)

Error in open.connection(con, "rb") :
  server certificate verification failed. CAfile: none CRLfile: none
Calls: fromJSON ... parse_and_simplify -> parseJSON -> parse_con -> open
-> open.connection
Execution halted

For the record my SSL/HTTPS related variables.
$ echo $SSL_CERT_DIR
/etc/ssl/certs
echo $SSL_CERT_FILE
/etc/ssl/certs/ca-certificates.crt
echo $CURL_CA_BUNDLE
/run/current-system/profile/etc/ssl/certs/ca-certificates.crt

All required packages (r, r-*, nss-certs) are installed system wide.

Regards Jonathan

Ricardo Wurmus wrote 5 years ago

Recipients:(name . Jonathan Brielmaier)(address . jonathan.brielmaier@web.de)(address . 40262-done@debbugs.gnu.org)

Message-ID:87a741xw0y.fsf@elephly.net

Jonathan Brielmaier <jonathan.brielmaier@web.de> writes:

Toggle quote (3 lines)

> Error in open.connection(con, "rb") :

> server certificate verification failed. CAfile: none CRLfile: none

This is due to a change in r-curl. We patched it to respect the

CURL_CA_BUNDLE environment variable, not just when it’s used on Windows.

The code has changed since we developed the patch. Now the

CURLOPT_CAINFO option is only set (in

curl/src/handle.c:set_handle_defaults) when _WIN32 is defined and when

tlsinfo->backend == CURLSSLBACKEND_OPENSSL. Neither of these cases

apply for Guix.

I’ve adjusted the patch in r-curl.

Thank you for the report!

Ricardo

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 40262@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 40262

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch

You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags

mumi command -t +confirmed -t +easy

Or, remove the moreinfo tag and set the help tag

mumi command -t -moreinfo -t +help

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date