[Pkg-rust-maintainers] Bug#953668: Bug#953668: cargo fails to find default X.509 certificates to validate https on powerpc
Fabian Grünbichler
f.gruenbichler at proxmox.com
Thu Mar 12 10:07:08 GMT 2020
On March 12, 2020 12:06 am, Daniel Kahn Gillmor wrote:
> Package: cargo
> Version: 0.40.0-3
>
> Starting from an empty ~/.cargo, by default on the powerpc platform,
> cargo fails to find the right X.509 certificates to validate an https
> connection to github.com.
>
> But if i explicitly point at the standard CA certificates location, it
> all seems to work:
>
>
> ```
> (sid_powerpc-dchroot)dkg at perotto:~$ rm -rf .cargo
> (sid_powerpc-dchroot)dkg at perotto:~$ strace -f -o cargo-clean.strace cargo search bindgen
> Updating crates.io index
> error: failed to update registry `https://github.com/rust-lang/crates.io-index`
>
> Caused by:
> failed to fetch `https://github.com/rust-lang/crates.io-index`
>
> Caused by:
> the SSL certificate is invalid: 0x08 - The certificate is not correctly signed by the trusted CA; class=Ssl (16); code=Certificate (-17)
>
[SNIP]
>
> This might well be a bug in some dependency of cargo, of course. feel
> free to reassign the bug report if you can narrow it down.
I am not sure whether we want to work around it in cargo (by defaulting
to that location, for example), but this is related to
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927889
libgit2 picks up an installed ca-certificates if available in the
build-env, but does not build-depend on it. if it was available, it sets
the default CA certificate location accordingly (at build time), and
cargo works. if it was not available, the certs provided by
ca-certificates need to be passed in explicitly by any user of libgit2.
the amd64 buildds seem to have ca-certificates installed, the powerpc
porter buildds don't. it is broken in the most recent libgit2 version as
well.
More information about the Pkg-rust-maintainers
mailing list