curb icon indicating copy to clipboard operation
curb copied to clipboard
verified publisher icon taf2

Not working with libcurl 8.8

Open nroose opened this issue 1 year ago • 4 comments

Seems as though it always gets a ca-certificates error with the latest libcurl And that is the only one supported by Alpine 3.20. Any chance you can do an update or tell us a way to get the ca certs to work?

irb(main):002> Curl.get('https://repairpal.com/ping')
(irb):2:in `<main>': Problem with the SSL CA cert (path? access rights?): error setting certificate file: "/etc/ssl/certs/ca-certificates.crt" (Curl::Err::SSLCaertBadFile)

nroose avatar Jul 02 '24 23:07 nroose

Running into the same problem after upgrade to ruby:3.3.3-alpine3.20

Curl::Err::SSLCaertBadFile: Problem with the SSL CA cert (path? access rights?): error setting certificate file: "/etc/ssl/certs/ca-certificates.crt"
from /work/vendor/bundle/ruby/3.3.0/gems/curb-1.0.5/lib/curl/easy.rb:80:in `perform'

ddstrygin avatar Jul 10 '24 03:07 ddstrygin

I'm experiencing the same problem:

require 'curb'

Curl::Easy.perform("https://www.enroute.mobi/") do |http|
  http.verbose = true
end

gives this output:

* Host www.enroute.mobi:443 was resolved.
* IPv6: 2001:4b98:e01::38
* IPv4: 217.70.184.56
*   Trying [2001:4b98:e01::38]:443...
* Connected to www.enroute.mobi (2001:4b98:e01::38) port 443
* GnuTLS ciphers: NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0
* error reading ca cert file "/etc/ssl/certs/ca-certificates.crt" (Error while reading file.)
* error reading ca cert file "/etc/ssl/certs/ca-certificates.crt" (Error while reading file.)
* Closing connection

A small strace provides this interesting information:

834810 openat(AT_FDCWD, "\"/etc/ssl/certs/ca-certificates.crt\"", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
834810 openat(AT_FDCWD, "\"/etc/ssl/certs/ca-certificates.crt\"", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)

The extra quotes seem to be the root cause of the problem.

When cacert is specified with the same file, the correct file is opened and the request is successful:

require 'curb'

Curl::Easy.perform("https://www.enroute.mobi/dummy") do |http|
  http.verbose = true
  http.cacert = "/etc/ssl/certs/ca-certificates.crt"
end

835496 openat(AT_FDCWD, "/etc/ssl/certs/ca-certificates.crt", O_RDONLY|O_CLOEXEC) = 10

albanpeignier avatar Jul 23 '24 13:07 albanpeignier

With libcurl 8.8.0, curl-config --ca outputs quotes:

➜ curl-config --version
libcurl 8.8.0
➜ curl-config --ca
"/etc/ssl/certs/ca-certificates.crt"

With a previous version, quotes are absent:

➜ docker run --rm -it debian:stable
root@85ab7a0efe7c:/# apt update && apt install -y libcurl4-openssl-dev
[...]
root@85ab7a0efe7c:/# curl-config --version
libcurl 7.88.1
root@85ab7a0efe7c:/# curl-config --ca
/etc/ssl/certs/ca-certificates.crt

albanpeignier avatar Jul 23 '24 13:07 albanpeignier

Wonder if the double quote PR helps here?

taf2 avatar Aug 23 '24 13:08 taf2

yes it does appear to be fixed

taf2 avatar Sep 09 '24 20:09 taf2