Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[package] libcurl/7.80.0: "unable to get local issuer certificate" following some update to the package #13910

Closed
LunarWatcher opened this issue Nov 1, 2022 · 2 comments · Fixed by #13914
Closed

[package] libcurl/7.80.0: "unable to get local issuer certificate" following some update to the package #13910

LunarWatcher opened this issue Nov 1, 2022 · 2 comments · Fixed by #13914
Labels
bug Something isn't working

Comments

@LunarWatcher
Copy link
Contributor

LunarWatcher commented Nov 1, 2022
edited
Loading

Description

I recently tried moving a project of mine over to a different server. To make a painfully long story short, the code, which relies on cpr/1.9.0, fails with "SSL certificate problem: unable to get local issuer certificate", which is a problem caused by libcurl. It seems that this commit caused cacert.pem to no longer appear in the source directory (in ~/.conan/data).

While I'm sure there's reasons for that, the way it's currently set up doesn't seem to allow libcurl to detect cacert.pem's new hidden location at all, causing the certificate failures currently preventing one of my projects from deploying

Package and Environment Details

  • Package Name/Version: libcurl/7.80.0 via cpr/1.9.0
  • Operating System+version: Ubuntu Server 22.10, Raspbian (Debian GNU/Linux 11), Linux Mint 21
  • Compiler+version: GCC 10, Clang 15, clang 14, GCC 11
  • Docker image: N/A
  • Conan version: conan 1.52.0, 1.53.0
  • Python version: Python 3.10.7, 3.10.6, 3.9.2

Conan profile

[settings]
os=Linux
os_build=Linux
arch=x86_64
arch_build=x86_64
compiler=clang
compiler.version=15
compiler.libcxx=libstdc++11
build_type=Release
[options]
[conf]
[build_requires]
[env]

[settings]
os=Linux
os_build=Linux
arch=x86_64
arch_build=x86_64
compiler=clang
compiler.version=12
compiler.libcxx=libstdc++
build_type=Release
[options]
[conf]
[build_requires]
[env]

[settings]
os=Linux
os_build=Linux
arch=armv8
arch_build=armv8
compiler=gcc
compiler.version=10
compiler.libcxx=libstdc++
build_type=Release
[options]
[conf]
tools.build:jobs=1
[build_requires]
[env]

(plus a few other compiler configurations I don't have readily available)

Steps to reproduce

Demo project:

cmake_minimum_required(VERSION 3.10)
project(bad-libcurl)

set (CMAKE_CXX_STANDARD 20)

if(NOT EXISTS "${CMAKE_BINARY_DIR}/conan.cmake")
  message(STATUS "Downloading conan.cmake from https://github.com/conan-io/cmake-conan")
  file(DOWNLOAD "https://raw.githubusercontent.com/conan-io/cmake-conan/0.18.1/conan.cmake"
                "${CMAKE_BINARY_DIR}/conan.cmake"
                TLS_VERIFY ON)
endif()

include(${CMAKE_BINARY_DIR}/conan.cmake)

conan_cmake_configure (REQUIRES 
                        cpr/1.9.0
                        GENERATORS cmake)
conan_cmake_autodetect (settings)
conan_cmake_install (PATH_OR_REFERENCE . BUILD missing SETTINGS ${settings})

include(${CMAKE_BINARY_DIR}/conanbuildinfo.cmake)
conan_basic_setup()

add_executable(bad-libcurl Main.cpp)
target_include_directories(bad-libcurl PUBLIC ./)
target_include_directories(bad-libcurl PUBLIC ${CONAN_INCLUDE_DIRS})

target_link_libraries(bad-libcurl ${CONAN_LIBS})
# vim:ft=cmake
#include "cpr/cpr.h"
#include <iostream>

int main() {
    auto r = cpr::Get(cpr::Url{"https://example.com"});
    std::cerr << "Fail: " << r.error.message << std::endl;
}

Commands:

# Required to clear the environment; I do not recommend running this if you have projects relying on a functioning curl via conan. 
# Use isolated or expect breakage. A brand new environment also works as a substitute to this particular command
rm -rf ~/.conan/data/libcurl
cmake .
make && ./bin/bad-libcurl

Logs

[ 50%] Building CXX object CMakeFiles/bad-libcurl.dir/Main.cpp.o
[100%] Linking CXX executable bin/bad-libcurl
[100%] Built target bad-libcurl
Fail: SSL certificate problem: unable to get local issuer certificate
@LunarWatcher LunarWatcher added the bug Something isn't working label Nov 1, 2022
@SpaceIm
Copy link
Contributor

SpaceIm commented Nov 1, 2022
edited
Loading

These options were introduced in #10922, with None as default values (while "auto" is the default value upstream), but with a weird way to map values to underlying CMake & autotools build systems, so the issue was neutralized in a sense. Then in #13684 I've fixed this mapping logic, introducing the hidden issue of previous PR I guess.

So I guess we have to change default value of these options to "auto":

https://github.com/curl/curl/blob/3b9af11c77d63257bada499f1d164542eda02e80/CMakeLists.txt#L880-L909
https://github.com/curl/curl/blob/eb33ccd5332435fa50f1758e5debb869c6942b7f/acinclude.m4#L1486-L1644

/cc @chenpengfei @uilianries @SSE4 since you have worked or reviewed #10922, would be nice to explain what was the logic of using None as default value but testing value = False afterwards.

@SpaceIm SpaceIm mentioned this issue Nov 1, 2022
Merged
4 tasks
@SpaceIm
Copy link
Contributor

SpaceIm commented Nov 1, 2022

Could you test whether #13914 fix your issue please?

@LunarWatcher LunarWatcher mentioned this issue Dec 24, 2022
Closed
@dpaulat dpaulat mentioned this issue Nov 10, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
2 participants
@LunarWatcher @SpaceIm