Hi, following nix (https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/compilers/rust/cargo.nix) the right environment variable seems to be CARGO_HTTP_CAINFO setting that to $SSL_CERT_FILE makes cargo work for me.
Cheers, Robin David Loyall <da...@the-good-guys.net> writes: >> This was discussed recently on IRC: >> http://logs.guix.gnu.org/guix/2019-08-29.log#102010 >> Unfortunately we didn’t reach a conclusion. > > Ok, thank you. Unfortunately that user's pastebins expired so I was > not able to compare with my own `ltrace` output. > >> The ‘ltrace -e getenv’ trick I gave might give us >> clues about relevant environment variables. > > Ok, let's see: > > sebboh@geeks ~$ ltrace -e getenv cargo -vv install rustfmt-nightly > libcrypto.so.1.0.0->getenv("SSL_CERT_FILE") > = > "/home/sebboh/.guix-profile/etc/s"... > libcrypto.so.1.0.0->getenv("SSL_CERT_DIR") > = > "/home/sebboh/.guix-profile/etc/s"... > Updating crates.io index > libcurl.so.4->getenv("no_proxy") > = nil > libcurl.so.4->getenv("NO_PROXY") > = nil > libcurl.so.4->getenv("https_proxy") > = nil > libcurl.so.4->getenv("HTTPS_PROXY") > = nil > libcurl.so.4->getenv("all_proxy") > = nil > libcurl.so.4->getenv("ALL_PROXY") > = nil > libcurl.so.4->getenv("no_proxy") > = nil > libcurl.so.4->getenv("NO_PROXY") > = nil > libcurl.so.4->getenv("http_proxy") > = nil > libcurl.so.4->getenv("all_proxy") > = nil > libcurl.so.4->getenv("ALL_PROXY") > = nil > libcrypto.so.1.0.0->getenv("OPENSSL_ALLOW_PROXY_CERTS") > = nil > libcurl.so.4->getenv("no_proxy") > = nil > libcurl.so.4->getenv("NO_PROXY") > = nil > libcurl.so.4->getenv("http_proxy") > = nil > libcurl.so.4->getenv("all_proxy") > = nil > libcurl.so.4->getenv("ALL_PROXY") > = nil > libcrypto.so.1.0.0->getenv("OPENSSL_ALLOW_PROXY_CERTS") > = nil > libcurl.so.4->getenv("no_proxy") > = nil > libcurl.so.4->getenv("NO_PROXY") > = nil > libcurl.so.4->getenv("http_proxy") > = nil > libcurl.so.4->getenv("all_proxy") > = nil > libcurl.so.4->getenv("ALL_PROXY") > = nil > libcrypto.so.1.0.0->getenv("OPENSSL_ALLOW_PROXY_CERTS") > = nil > libcurl.so.4->getenv("no_proxy") > = nil > libcurl.so.4->getenv("NO_PROXY") > = nil > libcurl.so.4->getenv("https_proxy") > = nil > libcurl.so.4->getenv("HTTPS_PROXY") > = nil > libcurl.so.4->getenv("all_proxy") > = nil > libcurl.so.4->getenv("ALL_PROXY") > = nil > error: failed to download from > `https://crates.io/api/v1/crates/rustfmt-nightly/1.4.6/download` > > Caused by: > [60] SSL peer certificate or SSH remote key was not OK (server > certificate verification failed. CAfile: none CRLfile: none) > +++ exited (status 101) +++ > > I investigated this `OPENSSL_ALLOW_PROXY_CERTS` variable and I > concluded that I am not using any such cert--I believe in this case > libcurl checks an environment variable but would not act on the > result? Anyway, I don't use a proxy. (I just confirmed crates.io is > not on the blacklist at work.) > > Well, I'm not sure what to check next. I can tell you that the values > of SSL_CERT_FILE and SSL_CERT_DIR seem to be correct (even though the > ltrace output truncates them). > > Cheers, thanks, > --sebboh
