Fix TLS connections by explicitly setting CERT_LOCATION and release 0.27.7+dfsg.1-0.2co1
Trying to build a rust crate with cargo
was resulting in the error
below:
error: failed to resolve patches for `https://github.com/rust-lang/crates.io-index`
Caused by:
the SSL certificate is invalid: 0x08 - The certificate is not correctly signed by the trusted CA; class=Ssl (16); code=Certificate (-17)
It was tyracked down to an issue with the libgit2-27
package in
Apertis since the matching package from Debian worked fine.
Looking at the build logs, Apertis had:
Unable to find OpenSSL executable. Please provide default certificate location via CERT_LOCATION
While the Debian buster build log had:
CERT_LOCATION, using certificates from /usr/lib/ssl/certs/ca-certificates.crt
Apparently, the Debian buildd have openssl
installed as a dependency
of ca-certificates
while Apertis does not.
However, the version 0.28.4+dfsg.1-3 from Debian ships a fix to deal properly with the setting, and this commit cherry-picks the changes Dan Nicholson nicholson@endlessm.com: https://salsa.debian.org/debian/libgit2/-/commit/1f5366ed757afd0cb7bd16fcf6ad775b2614c9af
Use mbedTLS with standard CA certificate location (Closes: #927889)
Specify mbedTLS for https for both builds and pass in the standard certificate location since it otherwise fails to set a certificate path if openssl and ca-certificates are not installed at build time.