Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The SSL certificate is invalid on sparc64 when cargo is fetching the index #6471

Open
nagisa opened this issue Dec 21, 2018 · 3 comments
Open

The SSL certificate is invalid on sparc64 when cargo is fetching the index #6471

nagisa opened this issue Dec 21, 2018 · 3 comments
Labels
A-networking Area: networking issues, curl, etc. C-bug Category: bug S-triage Status: This issue is waiting on initial triage.

Comments

@nagisa
Copy link
Member

nagisa commented Dec 21, 2018

Problem

It appears that there might be some bug in how cargo does its certificate validation on sparc64. It possibly may extend to other big-endian systems as well, but I haven’t been able to verify it (on both mips64 and ppc64 things I have access to the glibc is too old for rustup).

$ cargo update
    Updating crates.io index
error: failed to load source for a dependency on `cc`                                                                                                                                                                                          

Caused by:
  Unable to update registry `https://github.com/rust-lang/crates.io-index`

Caused by:
  failed to fetch `https://github.com/rust-lang/crates.io-index`

Caused by:
  the SSL certificate is invalid: 0x08 - The certificate is not correctly signed by the trusted CA; class=Ssl (16); code=Certificate (-17)
$ git clone https://github.com/rust-lang/crates.io-index
Cloning into 'crates.io-index'...
remote: Enumerating objects: 247, done.
remote: Counting objects: 100% (247/247), done.
remote: Compressing objects: 100% (233/233), done.
remote: Total 627507 (delta 123), reused 124 (delta 0), pack-reused 627260
Receiving objects: 100% (627507/627507), 128.29 MiB | 7.89 MiB/s, done.
Resolving deltas: 100% (412075/412075), done.
Checking out files: 100% (21150/21150), done.
$ curl 'https://crates.io/'
{"errors":[{"detail":"Not Found"}]}

Steps

  1. On a SPARC64-based machine update the cargo index (by trying to build a rust library for the first time)

Possible Solution(s)

  1. Figure out and fix the SSL issues;
  2. Provide some way to disable certificate checking temporarily;
  3. Make it easy to check-out the index manually...

Notes

$ cargo version
cargo 1.30.0
$ uname -a
Linux gcc202 4.19.0-rc7-sparc64-smp #1 SMP Debian 4.19~rc7-1~exp1 (2018-10-07) sparc64 GNU/Linux
$ ldd $(which cargo)
	linux-vdso.so.1 (0xfff800010002e000)
	libgit2.so.27 => /usr/lib/sparc64-linux-gnu/libgit2.so.27 (0xfff8000100c18000)
	libssh2.so.1 => /usr/lib/sparc64-linux-gnu/libssh2.so.1 (0xfff8000100dec000)
	libcurl-gnutls.so.4 => /usr/lib/sparc64-linux-gnu/libcurl-gnutls.so.4 (0xfff8000100f18000)
	libssl.so.1.1 => /usr/lib/sparc64-linux-gnu/libssl.so.1.1 (0xfff8000101098000)
	libcrypto.so.1.1 => /usr/lib/sparc64-linux-gnu/libcrypto.so.1.1 (0xfff8000101224000)
	libz.so.1 => /lib/sparc64-linux-gnu/libz.so.1 (0xfff80001015b8000)
	libdl.so.2 => /lib/sparc64-linux-gnu/libdl.so.2 (0xfff80001016d8000)
	librt.so.1 => /lib/sparc64-linux-gnu/librt.so.1 (0xfff80001017e0000)
	libpthread.so.0 => /lib/sparc64-linux-gnu/libpthread.so.0 (0xfff80001018ec000)
	libgcc_s.so.1 => /lib/sparc64-linux-gnu/libgcc_s.so.1 (0xfff8000101a0c000)
	libc.so.6 => /lib/sparc64-linux-gnu/libc.so.6 (0xfff8000101b20000)
	/lib64/ld-linux.so.2 (0xfff8000100000000)
	libm.so.6 => /lib/sparc64-linux-gnu/libm.so.6 (0xfff8000101d8c000)
	libmbedtls.so.12 => /usr/lib/sparc64-linux-gnu/libmbedtls.so.12 (0xfff8000101f70000)
	libmbedx509.so.0 => /usr/lib/sparc64-linux-gnu/libmbedx509.so.0 (0xfff800010209c000)
	libmbedcrypto.so.3 => /usr/lib/sparc64-linux-gnu/libmbedcrypto.so.3 (0xfff80001021b0000)
	libhttp_parser.so.2.8 => /usr/lib/sparc64-linux-gnu/libhttp_parser.so.2.8 (0xfff8000102310000)
	libgssapi_krb5.so.2 => /usr/lib/sparc64-linux-gnu/libgssapi_krb5.so.2 (0xfff800010241c000)
	libkrb5.so.3 => /usr/lib/sparc64-linux-gnu/libkrb5.so.3 (0xfff8000102560000)
	libk5crypto.so.3 => /usr/lib/sparc64-linux-gnu/libk5crypto.so.3 (0xfff800010272c000)
	libcom_err.so.2 => /lib/sparc64-linux-gnu/libcom_err.so.2 (0xfff8000102860000)
	libgcrypt.so.20 => /lib/sparc64-linux-gnu/libgcrypt.so.20 (0xfff8000102968000)
	libnghttp2.so.14 => /usr/lib/sparc64-linux-gnu/libnghttp2.so.14 (0xfff8000102b2c000)
	libidn2.so.0 => /usr/lib/sparc64-linux-gnu/libidn2.so.0 (0xfff8000102c50000)
	librtmp.so.1 => /usr/lib/sparc64-linux-gnu/librtmp.so.1 (0xfff8000102d70000)
	libpsl.so.5 => /usr/lib/sparc64-linux-gnu/libpsl.so.5 (0xfff8000102e8c000)
	libnettle.so.6 => /usr/lib/sparc64-linux-gnu/libnettle.so.6 (0xfff8000102fa0000)
	libgnutls.so.30 => /usr/lib/sparc64-linux-gnu/libgnutls.so.30 (0xfff80001030dc000)
	libldap_r-2.4.so.2 => /usr/lib/sparc64-linux-gnu/libldap_r-2.4.so.2 (0xfff8000103330000)
	liblber-2.4.so.2 => /usr/lib/sparc64-linux-gnu/liblber-2.4.so.2 (0xfff8000103480000)
	libmbedcrypto.so.1 => /usr/lib/sparc64-linux-gnu/libmbedcrypto.so.1 (0xfff8000103590000)
	libkrb5support.so.0 => /usr/lib/sparc64-linux-gnu/libkrb5support.so.0 (0xfff80001036f0000)
	libkeyutils.so.1 => /lib/sparc64-linux-gnu/libkeyutils.so.1 (0xfff80001037fc000)
	libresolv.so.2 => /lib/sparc64-linux-gnu/libresolv.so.2 (0xfff8000103904000)
	libgpg-error.so.0 => /lib/sparc64-linux-gnu/libgpg-error.so.0 (0xfff8000103a1c000)
	libunistring.so.2 => /usr/lib/sparc64-linux-gnu/libunistring.so.2 (0xfff8000103b3c000)
	libhogweed.so.4 => /usr/lib/sparc64-linux-gnu/libhogweed.so.4 (0xfff8000103dbc000)
	libgmp.so.10 => /usr/lib/sparc64-linux-gnu/libgmp.so.10 (0xfff8000103ef0000)
	libp11-kit.so.0 => /usr/lib/sparc64-linux-gnu/libp11-kit.so.0 (0xfff8000104068000)
	libtasn1.so.6 => /usr/lib/sparc64-linux-gnu/libtasn1.so.6 (0xfff8000104284000)
	libsasl2.so.2 => /usr/lib/sparc64-linux-gnu/libsasl2.so.2 (0xfff8000104398000)
	libffi.so.6 => /usr/lib/sparc64-linux-gnu/libffi.so.6 (0xfff80001044b4000)
@nagisa nagisa added the C-bug Category: bug label Dec 21, 2018
@nagisa
Copy link
Member Author

nagisa commented Dec 22, 2018

Once I cloned the index manually

git clone https://github.com/rust-lang/crates.io-index ~/.cargo/registry/index/github.com-eae4ba8cbf2ce1c7

it now works well.

@BurntSushi BurntSushi mentioned this issue Jan 4, 2019
Closed
@glaubitz
Copy link

glaubitz commented Jan 4, 2019
edited
Loading

@nagisa I can work around this problem by building cargo from source. For me, it affects only Debian's cargo package. Once I built cargo from source and placed it into my path, the problem goes away.

CC @jrtc27

@ehuss ehuss added the A-networking Area: networking issues, curl, etc. label May 20, 2019
@glaubitz
Copy link

glaubitz commented Aug 8, 2019

I made an interesting observation, the problem does not show up when running cargo as root.

It also does not show when switching to my user from root without a login shell:

root@gcc202:~# su glaubitz  
glaubitz@gcc202:/root$ cd
glaubitz@gcc202:~$ cd rust
glaubitz@gcc202:~/rust$ ./x.py build 
Updating only changed submodules
Submodules updated in 0.06 seconds
    Updating crates.io index
^C
Build completed unsuccessfully in 0:00:02
glaubitz@gcc202:~/rust$ exit
root@gcc202:~# su - glaubitz
glaubitz@gcc202:~$ cd rust
glaubitz@gcc202:~/rust$ ./x.py build
Updating only changed submodules
Submodules updated in 0.06 seconds
    Updating crates.io index
error: failed to fetch `https://github.com/rust-lang/crates.io-index`

Caused by:
  the SSL certificate is invalid: 0x08 - The certificate is not correctly signed by the trusted CA; class=Ssl (16); code=Certificate (-17)
failed to run: /usr/bin/cargo build --manifest-path /home/glaubitz/rust/src/bootstrap/Cargo.toml
Build completed unsuccessfully in 0:00:00
glaubitz@gcc202:~/rust$ logout
root@gcc202:~#

And, on top of that, it doesn't show on a second Linux/sparc64 porterbox. Could be a configuration after all.

@ehuss ehuss added A-registry-authentication Area: registry authentication and authorization (authn authz) and removed A-registry-authentication Area: registry authentication and authorization (authn authz) labels Dec 11, 2022
@epage epage added the S-triage Status: This issue is waiting on initial triage. label Oct 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-networking Area: networking issues, curl, etc. C-bug Category: bug S-triage Status: This issue is waiting on initial triage.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ehuss @epage @nagisa @glaubitz