Open suhr opened 4 years ago
I marked this as stale due to inactivity. → More info
The httpie package uses the certificate bundle provided by python3Packages.certifi, which is already patched to use the default system certificates from the cacert package:
Adding a certificate via the security.pki.certificateFiles option successfully overrides the cacert package—
—but only for the generation of /etc/ssl/certs/ca-certificates.crt. Other packages that depend on cacert don’t use the override and thus fail to respect the configuration.
As a workaround, setting NIX_SSL_CERT_FILE has the desired effect:
$ NIX_SSL_CERT_FILE='/etc/ssl/certs/ca-certificates.crt' http 'https://example.localhost/'
HTTP/1.1 200 OK
If it helps anyone else who runs into this, I've added the following shell alias to home-manager:
http = "REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt ${pkgs.httpie}/bin/http";
Should we patch this in nixpkgs instead of waiting for upstream?
As an alternative, xh is a Rust-based httpie that doesn't have this problem.
Describe the bug
HTTPie does not know about certificates in /etc/ssl/certs/ca-certificates.crt.
To Reproduce
Steps to reproduce the behavior:
1. http get <resource> where resource needs the new CA
2. curl <resource> to see that the system certificate actually works
Expected behavior
HTTPie should know about certificates in /etc/ssl/certs/ca-certificates.crt.
Notify maintainers
@schneefux
Metadata
See also: https://github.com/jakubroztocil/httpie/issues/480
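A diagnostic for the mismatch described in this thread, as an added example that is not part of the issue, HTTPie or nixpkgs: it resolves which CA bundle a requests-based client ends up trusting and lists the system-trusted certificates missing from it. Assumptions: `audit`, `effective_bundle`, `fingerprints` and `constructed_pem` are hypothetical names; `CURL_CA_BUNDLE` is included because requests also reads it; placing `NIX_SSL_CERT_FILE` last in the order is a choice made for this example.

```python
import base64
import hashlib
import re

SYSTEM_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"  # path named in the issue
# Variables named in the thread, plus CURL_CA_BUNDLE, which requests also reads.
# Checking NIX_SSL_CERT_FILE last is an assumption of this example.
ENV_PRECEDENCE = ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE", "NIX_SSL_CERT_FILE")
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fingerprints(pem_text):
    """Return the SHA-256 fingerprint of every certificate in a PEM bundle."""
    return {
        hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
        for body in PEM_RE.findall(pem_text)
    }


def effective_bundle(env, packaged_default):
    """Pick the bundle path a requests-based client would end up trusting."""
    for var in ENV_PRECEDENCE:
        if env.get(var):
            return var, env[var]
    return "packaged certifi bundle", packaged_default


def audit(env, packaged_default, system_bundle=SYSTEM_BUNDLE):
    """Report which system-trusted CAs are absent from the effective bundle."""
    source, path = effective_bundle(env, packaged_default)
    with open(system_bundle) as f:
        system = fingerprints(f.read())
    with open(path) as f:
        effective = fingerprints(f.read())
    return {"source": source, "path": path, "missing": sorted(system - effective)}


def constructed_pem(payload):
    """Build a fake PEM block for testing (constructed data, not a real CA)."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    import os
    import certifi  # the bundle the packaged httpie falls back to
    print(audit(os.environ, certifi.where()))
```

A non-empty `missing` list with `source` reported as the packaged bundle reproduces the symptom in the issue; an empty list after setting one of the variables confirms the workaround took effect.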