Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider reading the value of SSL_CERT_FILE #22

Closed
Konubinix opened this issue Aug 30, 2022 · 4 comments · Fixed by #23
Closed

Consider reading the value of SSL_CERT_FILE #22

Konubinix opened this issue Aug 30, 2022 · 4 comments · Fixed by #23

Comments

@Konubinix
Copy link

Hi.

I was playing with a tool called tezos-client, written in ocaml to communicate with a local development tezos node, using self signed certificates.

Although SSL_CERT_FILE points to a correct ca-certificates.crt, I realized that tezos-client did not take it into account.
After some research, I believe that this project is the used dependency to find the certificates. By looking at the code, I guess (I don't know anything about ocaml) that it reads the value of NIX_SSL_CERT_FILE to find out the ca-certificates.crt.

By using export NIX_SSL_CERT_FILE=$SSL_CERT_FILE, I have tezos-client work as expected and I will go on with this workarround for now, but IMHO it would be much better if tezos-client worked OOTB with SSL_CERT_FILE in the first place.

So, here is my suggestion, read the value of SSL_CERT_FILE as well as NIX_SSL_CERT_FILE.

My best
@hannesm
Copy link
Member

hannesm commented Aug 30, 2022

Dear @Konubinix, thanks for your suggestion. Would you mind to point to a specification / documentation of SSL_CERT_FILE?

@Konubinix
Copy link
Author

Konubinix commented Sep 1, 2022 via email

hannesm added a commit to hannesm/ca-certs that referenced this issue Sep 1, 2022
@hannesm
Read the environment variable SSL_CERT_FILE, as proposed in mirage#22
82dde60
@hannesm hannesm mentioned this issue Sep 1, 2022
Merged
@hannesm
Copy link
Member

hannesm commented Sep 1, 2022

Thanks for the links, I opened #23 -- would that work fine for you?

hannesm added a commit to hannesm/ca-certs that referenced this issue Sep 1, 2022
@hannesm
Read the environment variable SSL_CERT_FILE, as proposed in mirage#22
cfbf87f
hannesm added a commit to hannesm/ca-certs that referenced this issue Sep 1, 2022
@hannesm
Read the environment variable SSL_CERT_FILE, as proposed in mirage#22
663fccb
@Konubinix
Copy link
Author

Hi.

I'm not enough at ease with ocaml to tell, but if I understand correctly, it will do the exact same thing with SSL_CERT_FILE than it does with NIX_SSL_CERT_FILE. In that case, yes, it will work for me :-)

hannesm added a commit that referenced this issue Sep 2, 2022
@hannesm
Merge pull request #23 from hannesm/support-ssl-cert-file
ed37d1f 
Read the environment variable SSL_CERT_FILE, as proposed in #22
@hannesm hannesm mentioned this issue Sep 2, 2022
Merged
hannesm added a commit to hannesm/opam-repository that referenced this issue Sep 2, 2022
@hannesm
[new release] ca-certs (0.2.3)
e57d667 
CHANGES:

* Respect the environment variable SSL_CERT_FILE as well (suggested in mirage/ca-certs#22 by
  @Konubinix, fixed in mirage/ca-certs#23 by @hannesm, ok'ed by @sternenseemann)
* Update tests for recent alpine releases (mirage/ca-certs#24 @hannesm, likely fixes mirage/ca-certs#21)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Read the environment variable SSL_CERT_FILE, as proposed in #22 hannesm/ca-certs
2 participants
@hannesm @Konubinix