SSL certificate error on call to getSystemMetadata

[amoeba]

This is an odd one: When I run this code I get the following error:

> library(dataone)
> cn <- CNode("SANDBOX2")
> getSystemMetadata(cn, "urn:uuid:e73e4199-77b6-4c44-a3be-197c01cb967b")
Error in curl::curl_fetch_memory(url, handle = handle) : 
  Problem with the local SSL certificate

traceback:

> traceback()
10: .Call(R_curl_fetch_memory, url, handle, nonblocking)
9: curl::curl_fetch_memory(url, handle = handle)
8: request_fetch.write_memory(req$output, req$url, handle)
7: request_fetch(req$output, req$url, handle)
6: request_perform(req, hu$handle$handle)
5: GET(url, config = new_config, user_agent(get_user_agent()))
4: auth_get(url, node = x)
3: .local(x, ...)
2: getSystemMetadata(cn, "urn:uuid:e73e4199-77b6-4c44-a3be-197c01cb967b")
1: getSystemMetadata(cn, "urn:uuid:e73e4199-77b6-4c44-a3be-197c01cb967b")

Any ideas?

Session info:

``` > devtools::session_info() Session info --------------------------------------------------------------------------------------------------------------------------------------------------------------------- setting value version R version 3.3.1 (2016-06-21) system x86_64, darwin15.5.0 ui RStudio (1.1.56) language (EN) collate en_US.UTF-8 tz America/Juneau date 2017-04-07 Packages ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- package * version date source base64enc 0.1-3 2015-07-28 CRAN (R 3.3.1) commonmark 1.2 2017-03-01 cran (@1.2) curl 2.4 2017-03-24 cran (@2.4) dataone * 2.0.1 2016-08-30 CRAN (R 3.3.1) datapack 1.2.0 2017-04-05 Github (ropensci/datapack@f5a5d62) devtools 1.12.0 2016-12-05 CRAN (R 3.3.1) digest 0.6.12 2017-01-27 cran (@0.6.12) hash 2.2.6 2013-02-21 CRAN (R 3.3.1) httr 1.2.1 2016-07-03 CRAN (R 3.3.1) jsonlite 1.3 2017-02-28 cran (@1.3) magrittr 1.5 2014-11-22 CRAN (R 3.3.1) memoise 1.0.0 2016-01-29 CRAN (R 3.3.1) openssl 0.9.4 2016-05-25 CRAN (R 3.3.1) parsedate 1.1.1 2014-09-24 CRAN (R 3.3.1) plyr 1.8.4 2016-06-08 CRAN (R 3.3.1) R6 2.2.0 2016-10-05 cran (@2.2.0) Rcpp 0.12.10 2017-03-19 cran (@0.12.10) redland 1.0.17-9 2016-12-15 cran (@1.0.17-) roxygen2 6.0.1 2017-02-06 cran (@6.0.1) stringi 1.1.3 2017-03-21 cran (@1.1.3) stringr 1.2.0 2017-02-18 cran (@1.2.0) uuid 0.1-2 2015-07-28 CRAN (R 3.3.1) withr 1.0.2 2016-06-20 CRAN (R 3.3.1) XML 3.98-1.6 2017-03-30 cran (@3.98-1.) xml2 1.1.1 2017-01-24 cran (@1.1.1) ```

[amoeba]

So I remembered that I had a x509 cert in /tmp and, after removing it this call worked again. My cert is still valid so this error is really confusing.

[mbjones]

Initial guess: there are problems on MacOS with x.509 certs because Apple ships a version of curl that doesn't work with client certs outside of Keychain. See details in issue #24.

[amoeba]

Okay, so since that's probably still the case with Sierra, I guess the only thing to do here is to discuss whether the behavior above is what's wanted. I was surprised to get an error because I expected my request to go through even with a certificate issue. What do others think about gracefully continuing with the request instead of error'ing out?

[gothub]

@amoeba One option is to perform platform/OS version checks, which is what the unit tests do externally to the R package code. These kind of checks can be unreliable across package and OS versions, so it's a bit of a hack. Any other ideas?

[amoeba]

I think I'd be happy if the behavior in this case was changed to be tolerant of failure so that my session looked like:

getSystemMetadata(cn, "urn:uuid:e73e4199-77b6-4c44-a3be-197c01cb967b")
Warning: An x509 certificate was found at /tmp/x509... but it was not readable so the request was sent as if made by a public user.

instead of forcing me to remove my x509 cert before making the call again.

[gothub]

OK, that sounds great.