--cacert option does not handle non-ascii data

[christierney]

A customer tried to use the --cacert option and got this error:

Error- Internal error: cadata should be an ASCII string or a bytes-like object

From slack discussion (https://rstudio.slack.com/archives/C9H3Y1KGE/p1618407352125500?thread_ts=1617900945.097000&cid=C9H3Y1KGE):

The python function we're using is https://docs.python.org/3/library/ssl.html#ssl.create_default_context. The data we provide needs to be "either an ASCII string of one or more PEM-encoded certificates or a bytes-like object of DER-encoded certificates".

https://github.com/pycurl/pycurl/issues/490 It could be that we're loading the file as a string, it contains non-ascii comments, so we really need to make sure it's loaded as bytes

If it's a PEM file with non-ascii characters in the comments, we'll need to load it as binary, then decode to ascii with discard so it ends up as an ascii string (or ask the user to remove the comments). If it's a DER certificate, we need to load as bytes and not convert to text at all. To distinguish those cases, we'd need to inspect the file contents.

Our customer-facing documentation does not give any specifics about the expected format of the certificate file.

customer issue: https://rstudioide.zendesk.com/agent/tickets/59936

[DevMui]

@christierney Hello, we have the exact same issue on our RSConnect instance; is there any workaround?

[greenjune-ship-it]

We also have the exact same issue for our RStudio Connect. Do you have any updates about this issue? Thank you in advance!