Bug 728562
Summary: | download fails if /etc/pki/nssdb is an empty directory (CURLOPT_SSL_VERIFYPEER set to 0) | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ales Kozumplik <akozumpl> | ||||
Component: | curl | Assignee: | Kamil Dudka <kdudka> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | rawhide | CC: | jzeleny, kdudka, paul | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | curl-7.21.3-11.fc15 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | |||||||
: | 772642 (view as bug list) | Environment: | |||||
Last Closed: | 2011-09-07 03:38:06 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 772642 | ||||||
Attachments: |
|
Description
Ales Kozumplik
2011-08-05 15:31:00 UTC
Please try to set $SSL_DIR to a non-directory. Does it solve the problem for Anaconda? (In reply to comment #1) > Please try to set $SSL_DIR to a non-directory. Does it solve the problem for > Anaconda? I can reproduce this in F15 on a running system, this is not isolated to Anaconda (though it's a lot more plausible to have empty nssdb there). Answer is no: [akozumpl@aklab ~/projects/curltest]$ export SSL_DIR='/etc/vimrc' [akozumpl@aklab ~/projects/curltest]$ ./a.out Problem with the SSL CA cert (path? access rights?) Any idea why I get a different result with your sample program? $ SSL_DIR=/etc/vimrc ./a.out $ SSL_DIR=/etc ./a.out Problem with the SSL CA cert (path? access rights?) My plan was to improve the certdir check to look for certain files as the check for the directory itself did not seem to be sufficient. Now it looks like there are some other problems involved? (In reply to comment #3) > Any idea why I get a different result with your sample program? > > $ SSL_DIR=/etc/vimrc ./a.out > $ SSL_DIR=/etc ./a.out > Problem with the SSL CA cert (path? access rights?) > > My plan was to improve the certdir check to look for certain files as the check > for the directory itself did not seem to be sufficient. Now it looks like > there are some other problems involved? No clue, this is the output on my machine: [akozumpl@aklab ~/projects/curltest]$ SSL_DIR=/etc/vimrc ./a.out Problem with the SSL CA cert (path? access rights?) The versions are: curl-7.21.3-8.fc15.x86_64 libcurl-7.21.3-8.fc15.x86_64 libcurl-devel-7.21.3-8.fc15.x86_64 You probably are working closer to rawhide so it could make sense to do your fix there and let me retest in F16 Anaconda once the package reaches the repos? Ales, you are right, the current handling of $SSL_DIR is stupid. If the given path is not a directory, it falls back to the built-in path (/etc/pki/nssdb) ... and if the built-in path is a directory with no valid NSS database, it breaks. As a workaround, you can set $SSL_DIR to a valid NSS database, which does not need to be the system one. I have proposed a patch upstream to initialize NSS with no database in case the selected database is broken: http://thread.gmane.org/gmane.comp.web.curl.library/32627 fixed in curl-7.21.7-3.fc17 curl-7.21.3-10.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/curl-7.21.3-10.fc15 curl-7.21.7-3.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/curl-7.21.7-3.fc16 Package curl-7.21.7-3.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing curl-7.21.7-3.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/curl-7.21.7-3.fc16 then log in and leave karma (feedback). curl-7.21.7-4.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. curl-7.21.3-11.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. |