oauth2-rs icon indicating copy to clipboard operation
oauth2-rs copied to clipboard
verified publisher icon ramosbugs

Q: Error SSL certificate

Open cberdaguer31 opened this issue 1 year ago • 1 comments

Hello,

First thanks for your hard work on this crate and its great ! I'm finding in trouble regarding obtaining the access token, I got some SSL error certificate on my VPS. How can I add the certificate inside the reqwest client ?

I'v followed the example but I'm not able to do so : let code_auth = AuthorizationCode::new(code.to_string().clone()); let response = client .exchange_code(code_auth) .request_async(async_http_client) .await;

Where is the place to issue my certificate ? I'm new to rust and all oauth2 protocol so sorry if this question seems stupid ^^'

The error I'm getting for reference : ERROR: Request(Reqwest(reqwest::Error { kind: Request, url: Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("discord.com")), port: None, path: "/api/oauth2/token", query: None, fragment: None }, source: hyper::Error(Connect, Ssl(Error { code: ErrorCode(1), cause: Some(Ssl(ErrorStack([Error { code: 369098857, library: "STORE routines", function: "ossl_store_get0_loader_int", reason: "unregistered scheme", file: "../crypto/store/store_register.c", line: 237, data: "scheme=file" }, Error { code: 2147483650, library: "system library", function: "file_open", file: "../providers/implementations/storemgmt/file_store.c", line: 267, data: "calling stat(/usr/lib/ssl/certs)" }, Error { code: 369098857, library: "STORE routines", function: "ossl_store_get0_loader_int", reason: "unregistered scheme", file: "../crypto/store/store_register.c", line: 237, data: "scheme=file" }, Error { code: 2147483650, library: "system library", function: "file_open", file: "../providers/implementations/storemgmt/file_store.c", line: 267, data: "calling stat(/usr/lib/ssl/certs)" }, Error { code: 369098857, library: "STORE routines", function: "ossl_store_get0_loader_int", reason: "unregistered scheme", file: "../crypto/store/store_register.c", line: 237, data: "scheme=file" }, Error { code: 2147483650, library: "system library", function: "file_open", file: "../providers/implementations/storemgmt/file_store.c", line: 267, data: "calling stat(/usr/lib/ssl/certs)" }, Error { code: 167772294, library: "SSL routines", function: "tls_post_process_server_certificate", reason: "certificate verify failed", file: "../ssl/statem/statem_clnt.c", line: 1889 }]))) }, X509VerifyResult { code: 20, error: "unable to get local issuer certificate" })) }))

I'v tried with Google and Discord provider and got same error.

Thanks in advance and feel free to close this issue if its not the right place :)

cberdaguer31 avatar May 14 '24 19:05 cberdaguer31

This usually means that you don't have root SSL certificates installed on the system or reqwest is not able to find them. In barebones linux systems (especially in Docker if you base your image on something like debian-slim), this is a fact (no certificates). What I usually do is install curl on that system, which pulls everything needed.

loxs avatar Aug 26 '24 12:08 loxs

I don't know if this fits here, but I have a similar issue trying to use self-signed certificates with komodo that could be traced down to this crate. https://github.com/mbecker20/komodo/issues/130#issuecomment-2591786483

tldr; would it be possible to, add the reqwest feature option rustls-native-roots, so a systems certificates can be used?

tedstriker avatar Jan 15 '25 12:01 tedstriker

Duplicate of #287

ramosbugs avatar Jan 15 '25 14:01 ramosbugs