listMarts has familiar SSL error

[LiNk-NY]

Hi Mike @grimbough

We're seeing this SSL error from the listMarts function in GenomicFeatures: https://bioconductor.org/checkResults/devel/bioc-LATEST/GenomicFeatures/nebbiolo1-checksrc.html

Based on the recommendation:

The best solution is for anyone calling useMart() to switch to using useEnsembl() in the devel branch. useEnsembl() will set some lower security settings specifically for accessing the Ensembl sites.

it looks like listMarts is doing this internally and is implemented here: https://github.com/grimbough/biomaRt/blob/e9b095262aa702a7bf2c1ad010d29b8dad0a519a/R/ensembl_ssl_settings.R#L23

I wonder if the error on the report is due to a caching issue?

Thanks !

[grimbough]

I notice that this follows a message about failing to connect to the uswest mirror and trying the primary Ensembl site. For some reason the certificates are different on the two servers, with only the www causing a problem for me. I wonder if the majority of your queries on the builder get redirected to a local mirror, but that particular one is getting sent to the primary site.

The testing for SSL settings is done by biomaRt:::.test_ensembl(). It should query both the primary and mirror sites for exactly that reason. It can be a bit slow, so the results are cached after first use and loaded when needed. I guess if they're inappropriate it'll always be a problem until the cache is deleted.

Are you able to run commands on the builder? It might be interesting to see the output from biomaRt:::getEnsemblSSL()

On my Ubuntu machine it looks like:

> biomaRt:::.getEnsemblSSL()
[[1]]
<request>
Options:
* ssl_cipher_list: DEFAULT@SECLEVEL=1

[[2]]
<request>
Options:
* ssl_verifypeer: FALSE

[LiNk-NY]

Thanks Mike! I have asked Jennifer @jwokaty to run biomaRt:::getEnsemblSSL() on the builder. They will report back soon.

[jwokaty]

I ran the following on nebbiolo1 the linux devel builder:

> biomaRt:::.getEnsemblSSL()
list()
> biomaRt:::.test_ensembl()
Error in curl::curl_fetch_memory(url, handle = handle) : 
  SSL certificate problem: unable to get local issuer certificate

Since @grimbough mentioned the cache might be the problem, I used biomartCacheClear() and got

> library(biomaRt)
> biomaRt:::.getEnsemblSSL()
[[1]]
<request>
Options:
* ssl_verifypeer: FALSE

> biomaRt:::.test_ensembl()
Error in curl::curl_fetch_memory(url, handle = handle) : 
  SSL certificate problem: unable to get local issuer certificate

[grimbough]

Great, thanks @jwokaty for running those. I think this should have resolved the issue.

I wasn't very clear before, but .test_ensembl() is used to assess if there is a problem on the system and will ignore any previously identified settings, so it's expected that it will always produce the SSL certificate problem: unable to get local issuer certificate error. Nothing to worry about that we're still seeing that.

There's a function biomaRt:::.checkEnsemblSSL() which repeatedly uses .test_ensembl() adding settings until it works successfully. It's the output from this that is retrieved by biomaRt:::.getEnsemblSSL().

I don't know why you would have had an empty list() saved in the cache, but I think the updated version with ssl_verifypeer: FALSE will be sufficient to get it working now.

[LiNk-NY]

This looks resolved to me. Thanks for the help Mike!