DataONEorg / rdataone

R package for reading and writing data at DataONE data repositories
http://doi.org/10.5063/F1M61H5X
36 stars 19 forks source link

SSL certificates and curl on Mac #24

Open sckott opened 10 years ago

sckott commented 10 years ago

If there's already an issue for this, close this...

We realized at the hackathon that default curl on Mac (was it just mavericks?) causes authentication to not work, but does if users update to a more recent curl. Are there other OSes that are affected? Do Windows users and Linux users have a curl version by default that works?

The same issue in ropensci/rnbn#3 where SSL certificates used as well for authentication

csjx commented 10 years ago

My understanding is that Apple changed the default behavior of curl and other binaries in Mavericks to centralize certificate management in Keychain Access. See http://curl.haxx.se/mail/archive-2013-10/0036.html. I've yet to be able to get a curl command to send the certificate with the request after importing it into Keychain Access, but that certainly doesn't mean it can't be done. Needs some more investigation.

mbjones commented 10 years ago

@sckott Yeah, I worked on this some more in the evening, and it seems to be fixed by compiling RCurl against a non-apple version of libcurl, such as the one provided by MacPorts. When I tried curl from MacPorts on the commandline, the SSL connection worked fine too. So the problem seems isolated tothe apple-provided libcurl.

mbjones commented 10 years ago

Configuring and installing RCurl with a custom version of libcurl allows everything to work fine. I can now confirm this is a mac Mavericks issue alone, and so I am closing this bug as not an issue with the dataone library per se. To work around it you must:

1. Install an alternate (non-Apple) version of curl and libcurl

$ /opt/local/bin/curl --version
curl 7.37.1 (x86_64-apple-darwin13.2.0) libcurl/7.37.1 OpenSSL/1.0.1i zlib/1.2.8 libidn/1.26
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp 
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP 
$ which curl-config
/opt/local/bin/curl-config

2. Install a new version of RCurl from source

install.packages("RCurl", type="source")

Once the new version of RCurl is installed, install devtools and httr. When I do this and log in to get my DataONE certificate, all dataone tests pass.

sckott commented 10 years ago

thanks @mbjones - I'll update my curl

mbjones commented 9 years ago

Reopening this curl on mac bug because the workaround no longer works on Yosemite. Need a better solution.

mbjones commented 9 years ago

Workaround for now is to use authTokens instead.