Fix TLS connections by explicitly setting CERT_LOCATION and release 0.27.7+dfsg.1-0.2co1

Emanuele Aina requested to merge wip/em/fix-cert-location into apertis/v2021dev2

Trying to build a Rust crate with cargo was resulting in the error below:

error: failed to resolve patches for `https://github.com/rust-lang/crates.io-index`

Caused by:
  the SSL certificate is invalid: 0x08 - The certificate is not correctly signed by the trusted CA; class=Ssl (16); code=Certificate (-17)

It was tracked down to an issue with the libgit2-27 package in Apertis, since the matching package from Debian worked fine.

Looking at the build logs, Apertis had:

Unable to find OpenSSL executable. Please provide default certificate location via CERT_LOCATION

While the Debian buster build log had:

CERT_LOCATION, using certificates from /usr/lib/ssl/certs/ca-certificates.crt

Apparently, the Debian buildds have openssl installed as a dependency of ca-certificates while Apertis does not.

However, version 0.28.4+dfsg.1-3 from Debian ships a fix to deal properly with the setting, and this commit cherry-picks the changes by Dan Nicholson <nicholson@endlessm.com>: https://salsa.debian.org/debian/libgit2/-/commit/1f5366ed757afd0cb7bd16fcf6ad775b2614c9af

Use mbedTLS with standard CA certificate location (Closes: #927889)

Specify mbedTLS for https for both builds and pass in the standard certificate location since it otherwise fails to set a certificate path if openssl and ca-certificates are not installed at build time.
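
A build-log check for the failure described in this merge request, as an added example that is not part of the merge request or of the libgit2 packaging. The function names and the sample logs are constructed; the matched strings are the two build-log lines quoted above.

```shell
#!/bin/sh
# Added example: detect a libgit2 build that ended up without a CA
# certificate path, using the two log messages quoted in this merge request.

# Print how the build resolved the CA bundle: "missing", "set:<path>" or "unknown".
cert_location_status() {
    log=$1
    if grep -q 'Unable to find OpenSSL executable' "$log"; then
        echo missing
        return 0
    fi
    bundle=$(sed -n 's/.*CERT_LOCATION, using certificates from \([^[:space:]]*\).*/\1/p' "$log" | head -n 1)
    if [ -n "$bundle" ]; then
        echo "set:$bundle"
    else
        echo unknown
    fi
}

# CI gate: succeed only when the log shows that a certificate path was configured.
require_cert_location() {
    case "$(cert_location_status "$1")" in
        set:*) return 0 ;;
        *)     echo "libgit2 built without a CA certificate path: $1" >&2
               return 1 ;;
    esac
}

# Constructed sample logs, each holding one of the lines quoted above.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/apertis.log" <<'EOF'
-- constructed context line
Unable to find OpenSSL executable. Please provide default certificate location via CERT_LOCATION
EOF
cat > "$SAMPLES/debian.log" <<'EOF'
-- constructed context line
CERT_LOCATION, using certificates from /usr/lib/ssl/certs/ca-certificates.crt
EOF

for f in "$SAMPLES"/*.log; do
    printf '%s: %s\n' "$(basename "$f")" "$(cert_location_status "$f")"
done
```

Run as a post-build step, `require_cert_location` turns the silent misconfiguration into a build failure instead of a certificate validation error at runtime.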