package_control icon indicating copy to clipboard operation
package_control copied to clipboard
verified publisher icon wbond

Package Control does not properly generate merged CA bundle on SLED11

Open kaysond opened this issue 6 years ago • 2 comments

Somewhat related to #860.

Loading packages fails because for whatever reason, package control did not actually generate a CA bundle; the file was empty. I ran cat /etc/ssl/certs/*.pem > /usr2/aakhavan/.config/sublime-text-3/Packages/User/Package Control.merged-ca-bundle, now I can get the package list just fine.

This is on SUSE Linux Enterprise Desktop 11 which is somewhat ancient, but with the CA cert files in a standard location I'm not sure why it failed.

Package Control: Fetching list of available packages and dependencies
  Platform: linux-x64
  Sublime Text Version: 3176
  Package Control Version: 3.3.0
Package Control: Download Debug
  URL: https://packagecontrol.io/channel_v3.json
  Timeout: 30
  Resolved IP: 74.207.232.232
  Resolved IPv6: 2600:3c02::f03c:91ff:fec5:4fd5
Package Control: Urllib Debug Proxy
  http_proxy: 
  https_proxy: 
  proxy_username: 
  proxy_password: 
Package Control: Regenerated the merged CA bundle from the system and user CA bundles
Package Control: Urllib HTTPS Debug General
  Connecting to packagecontrol.io on port 443
Package Control: Urllib HTTPS Debug General
  Upgrading connection to SSL using CA certs file at /usr2/aakhavan/.config/sublime-text-3/Packages/User/Package Control.merged-ca-bundle
Package Control: Error downloading channel. URL error unknown error (_ssl.c:2231) downloading https://packagecontrol.io/channel_v3.json.

kaysond avatar Apr 26 '19 22:04 kaysond

Currently we look at the following locations:

https://github.com/wbond/oscrypto/blob/master/oscrypto/_linux_bsd/trust_list.py#L30-L38

What was the filename inside of /etc/ssl/certs/?

wbond avatar Mar 05 '20 17:03 wbond

So the machine I had this problem on has been replaced. But I checked one of our SLED11 VM's, which I'm guessing has the same image. There isn't a bundle at any of the locations you indicated. In fact there's no single file which contains all of the CA certs; they're each in an individual file. This is presumably why I had to concatenate them all and create my own bundle.

I think the step that says Package Control: Regenerated the merged CA bundle from the system and user CA bundles should probably fail if it doesn't find any bundle, and maybe suggest the command I used above. Probably not worth updating much more than that for such an old OS...

kaysond avatar Mar 05 '20 19:03 kaysond