search

taf2 / curb

Ruby bindings for libcurl
Other
1.29k stars 230 forks source link

Not working with libcurl 8.8 #452

Open nroose opened 1 month ago

nroose commented 1 month ago

Seems as though it always gets a ca-certificates error with the latest libcurl And that is the only one supported by Alpine 3.20. Any chance you can do an update or tell us a way to get the ca certs to work?

irb(main):002> Curl.get('https://repairpal.com/ping')
(irb):2:in `<main>': Problem with the SSL CA cert (path? access rights?): error setting certificate file: "/etc/ssl/certs/ca-certificates.crt" (Curl::Err::SSLCaertBadFile)
ddstrygin commented 1 month ago

Running into the same problem after upgrade to ruby:3.3.3-alpine3.20

Curl::Err::SSLCaertBadFile: Problem with the SSL CA cert (path? access rights?): error setting certificate file: "/etc/ssl/certs/ca-certificates.crt"
from /work/vendor/bundle/ruby/3.3.0/gems/curb-1.0.5/lib/curl/easy.rb:80:in `perform'
albanpeignier commented 1 month ago

I'm experiencing the same problem:

require 'curb'

Curl::Easy.perform("https://www.enroute.mobi/") do |http|
  http.verbose = true
end

gives this output:

* Host www.enroute.mobi:443 was resolved.
* IPv6: 2001:4b98:e01::38
* IPv4: 217.70.184.56
*   Trying [2001:4b98:e01::38]:443...
* Connected to www.enroute.mobi (2001:4b98:e01::38) port 443
* GnuTLS ciphers: NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0
* error reading ca cert file "/etc/ssl/certs/ca-certificates.crt" (Error while reading file.)
* error reading ca cert file "/etc/ssl/certs/ca-certificates.crt" (Error while reading file.)
* Closing connection

A small strace provides this interesting information:

834810 openat(AT_FDCWD, "\"/etc/ssl/certs/ca-certificates.crt\"", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
834810 openat(AT_FDCWD, "\"/etc/ssl/certs/ca-certificates.crt\"", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)

The extra quotes seem to be the root cause of the problem.

When cacert is specified with the same file, the correct file is opened and the request is successful:

require 'curb'

Curl::Easy.perform("https://www.enroute.mobi/dummy") do |http|
  http.verbose = true
  http.cacert = "/etc/ssl/certs/ca-certificates.crt"
end
835496 openat(AT_FDCWD, "/etc/ssl/certs/ca-certificates.crt", O_RDONLY|O_CLOEXEC) = 10
albanpeignier commented 1 month ago

With libcurl 8.8.0, curl-config --ca outputs quotes:

➜ curl-config --version
libcurl 8.8.0
➜ curl-config --ca
"/etc/ssl/certs/ca-certificates.crt"

With a previous version, quotes are absent:

➜ docker run --rm -it debian:stable
root@85ab7a0efe7c:/# apt update && apt install -y libcurl4-openssl-dev
[...]
root@85ab7a0efe7c:/# curl-config --version
libcurl 7.88.1
root@85ab7a0efe7c:/# curl-config --ca
/etc/ssl/certs/ca-certificates.crt
taf2 commented 4 days ago

Wonder if the double quote PR helps here?