Cargo: Nightly regression: The SSL certificate is invalid

Created on 28 Nov 2016  路  11Comments  路  Source: rust-lang/cargo

We're having cargo trouble on rust-num/num#243, and it appears to be a new regression in the nightly. Note the initial Travis build succeeded, which was using cargo 0.16.0-nightly (b26d672 2016-11-25). Then several homu builds have all failed using cargo 0.16.0-nightly (3568be9 2016-11-26).

$ cargo build --verbose
    Updating registry `https://github.com/rust-lang/crates.io-index`
error: failed to load source for a dependency on `rand`
Caused by:
  Unable to update registry https://github.com/rust-lang/crates.io-index
Caused by:
  failed to fetch `https://github.com/rust-lang/crates.io-index`
Caused by:
  [16/-17] The SSL certificate is invalid

I confirmed the error locally after updating to the same cargo, running on Fedora 25.

picture cuviper
👍16

Most helpful comment

FWIW, that #598 workaround isn't quite right for Fedora 25 -- instead it's SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt, which is actually a symlink to /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem.

picture cuviper on 29 Nov 2016
👍21

All 11 comments

Lots of people reporting this problem today. cc @alexcrichton

brson picture brson on 29 Nov 2016

On IRC camlorn said the workaround for https://github.com/rust-lang/cargo/issues/598 worked for this too.

brson picture brson on 29 Nov 2016

Fixed in https://github.com/rust-lang/cargo/pull/3342

alexcrichton picture alexcrichton on 29 Nov 2016

FWIW, that #598 workaround isn't quite right for Fedora 25 -- instead it's SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt, which is actually a symlink to /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem.

cuviper picture cuviper on 29 Nov 2016
👍21

The new nightly doesn't include the new Cargo, maybe the nightly build of Cargo is broken?

$ rustup show 
Default host: x86_64-unknown-linux-gnu

installed toolchains
--------------------

stable-x86_64-unknown-linux-gnu
nightly-x86_64-unknown-linux-gnu (default)

active toolchain
----------------

nightly-x86_64-unknown-linux-gnu (default)
rustc 1.15.0-nightly (1c448574b 2016-11-28)

$ cargo --version
cargo 0.16.0-nightly (3568be9 2016-11-26)
tbu- picture tbu- on 30 Nov 2016

A new rust nightly didn't go out, so a new Cargo nightly didn't go out. The fix isn't in nightlies.

alexcrichton picture alexcrichton on 30 Nov 2016

This is also experienced in Arch Linux rolling release. Pretty excited to come find there's a fix on the way.

bunnybooboo picture bunnybooboo on 1 Dec 2016
👍1

New nightly doesn't contain a new cargo, still from 2016-11-26, rustc is from 2016-12-01.

tbu- picture tbu- on 3 Dec 2016
😕4

Ah I can't believe I forgot about that, this is now a rustup issue -- https://github.com/rust-lang-nursery/rustup.rs/issues/844

alexcrichton picture alexcrichton on 3 Dec 2016
👍1

Could you (I think @alexcrichton and @brson) please also do a postmortem on this issue? From what I can see the bug was introduced in libgit2-sys, which was then tagged 0.6.5 but not sufficiently tested. In what places can some more basic tests be added? E.g. testing against a locally running https Git server hosting a crates index seems very useful?

sanmai-NL picture sanmai-NL on 5 Dec 2016

@sanmai-NL yes I can try to write something up when everything is working again. Unfortunately I don't know how to test this, it's a very specific issue that seems like it could greatly complicate the test infrastructure naively at least.

alexcrichton picture alexcrichton on 5 Dec 2016
Was this page helpful?
0 / 5 - 0 ratings

Related issues

dotnetspec picture dotnetspec  路  3Comments
sdroege picture sdroege  路  3Comments
oblique picture oblique  路  3Comments
ckaran picture ckaran  路  3Comments
SimonSapin picture SimonSapin  路  3Comments