On Fri, Sep 23, 2016 at 02:27:28AM -0400, Leo Famulari wrote: > On Wed, Sep 21, 2016 at 08:27:47AM +0000, ng0 wrote: > > ;; > > http://darcs.net/manual/Configuring_darcs.html#SECTION00440070000000000000 > > Based on that link to the Darcs manual, my understanding is that users > must provide Darcs with a set of URL handlers in the form of shell > invocations in environment variables.
I was wrong; those variables are no longer used by Darcs. HTTPS should "just work". Here I am using Darcs from Debian Stretch: $ darcs clone --debug-http https://dev.seek-together.space/s/fr33domlover/r/vervis * Trying 188.120.157.6... * Connected to dev.seek-together.space (188.120.157.6) port 443 (#0) * found 173 certificates in /etc/ssl/certs/ca-certificates.crt * found 692 certificates in /etc/ssl/certs * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384 * server certificate verification OK * server certificate status verification SKIPPED * common name: dev.seek-together.space (matched) * server certificate expiration date OK * server certificate activation date OK * certificate public key: RSA * certificate version: #3 * subject: CN=dev.seek-together.space * start date: Tue, 09 Aug 2016 12:20:00 GMT * expire date: Mon, 07 Nov 2016 12:20:00 GMT * issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3 * compression: NULL * ALPN, server did not agree to a protocol > GET /s/fr33domlover/r/vervis/_darcs/prefs/motd HTTP/1.1 Host: dev.seek-together.space User-Agent: darcs/2.12.0 libcurl/7.47.0 Accept: */* Cache-Control: max-age=600 [... et cetera ...] But, with the WIP Guix package, our libcurl does not find the certificate store: $ darcs clone --debug-http https://dev.seek-together.space/s/fr33domlover/r/vervis * Trying 188.120.157.6... * TCP_NODELAY set * Connected to dev.seek-together.space (188.120.157.6) port 443 (#0) * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384 * server certificate verification failed. CAfile: none CRLfile: none * Curl_http_done: called premature == 1 * Closing connection 0 * Hostname dev.seek-together.space was found in DNS cache * Trying 188.120.157.6... * TCP_NODELAY set * Connected to dev.seek-together.space (188.120.157.6) port 443 (#1) * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384 * server certificate verification failed. CAfile: none CRLfile: none * Curl_http_done: called premature == 1 * Closing connection 1 * Hostname dev.seek-together.space was found in DNS cache * Trying 188.120.157.6... * TCP_NODELAY set * Connected to dev.seek-together.space (188.120.157.6) port 443 (#2) * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384 * server certificate verification failed. CAfile: none CRLfile: none * Curl_http_done: called premature == 1 * Closing connection 2 darcs failed: Not a repository: https://dev.seek-together.space/s/fr33domlover/r/vervis (Peer certificate cannot be authenticated with given CA certificates) HINT: Do you have the right URI for the repository?
