search

cabo / kramdown-rfc

An XML2RFC (RFC799x) backend for Thomas Leitner's kramdown markdown parser
MIT License
195 stars 83 forks source link

error: certificate verify failed (unable to get local issuer certificate) #179

Closed glyn closed 2 years ago

glyn commented 2 years ago

In the last day, kramdown-rfc has started failing in CI and locally with the following error:

/github/home/.cache/xml2rfc/reference.W3C.REC-xpath20-20101214.xml: fetching from https://xml2rfc.tools.ietf.org/public/rfc/bibxml4/reference.W3C.REC-xpath20-20101214.xml
*** Can't get with persistent HTTP: SSL_connect returned=1 errno=0 peeraddr=50.223.129.194:443 state=error: certificate verify failed (unable to get local issuer certificate)
/usr/lib/ruby/3.1.0/net/protocol.rb:46:in `connect_nonblock': SSL_connect returned=1 errno=0 peeraddr=50.223.129.194:443 state=error: certificate verify failed (unable to get local issuer certificate) (OpenSSL::SSL::SSLError)
    from /usr/lib/ruby/3.1.0/net/protocol.rb:46:in `ssl_socket_connect'
    from /usr/lib/ruby/3.1.0/net/http.rb:1048:in `connect'
    from /usr/lib/ruby/3.1.0/net/http.rb:976:in `do_start'
    from /usr/lib/ruby/3.1.0/net/http.rb:965:in `start'
    from /usr/lib/ruby/3.1.0/open-uri.rb:323:in `open_http'
    from /usr/lib/ruby/3.1.0/open-uri.rb:741:in `buffer_open'
    from /usr/lib/ruby/3.1.0/open-uri.rb:212:in `block in open_loop'
    from /usr/lib/ruby/3.1.0/open-uri.rb:210:in `catch'
    from /usr/lib/ruby/3.1.0/open-uri.rb:210:in `open_loop'
    from /usr/lib/ruby/3.1.0/open-uri.rb:151:in `open_uri'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:985:in `get_and_write_resource'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:1056:in `rescue in block in get_and_cache_resource'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:1052:in `block in get_and_cache_resource'
    from /usr/lib/ruby/3.1.0/timeout.rb:107:in `block in timeout'
    from /usr/lib/ruby/3.1.0/timeout.rb:36:in `block in catch'
    from /usr/lib/ruby/3.1.0/timeout.rb:36:in `catch'
    from /usr/lib/ruby/3.1.0/timeout.rb:36:in `catch'
    from /usr/lib/ruby/3.1.0/timeout.rb:123:in `timeout'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:1050:in `get_and_cache_resource'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:1159:in `block in convert_img'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:1143:in `scan'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:1143:in `convert_img'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:335:in `block in inner_a'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:333:in `map'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:333:in `inner_a'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:340:in `inner'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:353:in `convert_p'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:335:in `block in inner_a'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:333:in `map'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:333:in `inner_a'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:340:in `inner'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:1398:in `convert_root'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:328:in `convert1'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc2629.rb:323:in `convert'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-2.4.0/lib/kramdown/converter/base.rb:107:in `convert'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-2.4.0/lib/kramdown/document.rb:116:in `method_missing'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/lib/kramdown-rfc/command.rb:575:in `<top (required)>'
    from <internal:/usr/lib/ruby/3.1.0/rubygems/core_ext/kernel_require.rb>:85:in `require'
    from <internal:/usr/lib/ruby/3.1.0/rubygems/core_ext/kernel_require.rb>:85:in `require'
    from /usr/lib/ruby/gems/3.1.0/gems/kramdown-rfc2629-1.6.16/bin/kramdown-rfc2629:3:in `<top (required)>'
    from /usr/bin/kramdown-rfc2629:25:in `load'
    from /usr/bin/kramdown-rfc2629:25:in `<main>'
glyn commented 2 years ago

Upgrading the local version from 1.6.11 to 1.6.17 fixed the problem:

gem update kramdown-rfc
glyn commented 2 years ago

This CI job, for example, runs the Docker container ghcr.io/martinthomson/i-d-template-action:latest (with digest sha256:ac48b80fffb58e5c4dbc2b86dbb6180567922e23636787bdc64f56a011418ded) which includes kramdown-rfc. It is not clear what version of kramdown-rfc is included.

glyn commented 2 years ago

It is not clear that this is a problem with kramdown-rfc per se, so closing.