Unable to update my cargo package - ssl error

ansible · March 27, 2016, 3:00pm

I'm trying to put up a new version of my cargo package. cargo package --verbose gives me this error:

   Verifying oscpad v0.1.1 (file:///home/bburdette/code/oscpad)
    Updating registry `https://github.com/rust-lang/crates.io-index`
failed to verify package tarball

Caused by:
  Unable to update registry https://github.com/rust-lang/crates.io-index

Caused by:
  failed to fetch `https://github.com/rust-lang/crates.io-index`

Caused by:
  [16/-17] The SSL certificate is invalid

Cargo publish has similar results:

[nix-shell:~/code/oscpad]$ cargo publish --verbose
    Updating registry `https://github.com/rust-lang/crates.io-index`
failed to update registry https://github.com/rust-lang/crates.io-index

Caused by:
  failed to fetch `https://github.com/rust-lang/crates.io-index`

Caused by:
  [16/-17] The SSL certificate is invalid

[nix-shell:~/code/oscpad]$

eminence · March 28, 2016, 1:29am

I think your machine's CA bundle is old/out of date and should be updated. If you can provide some details about your linux distribution, we can provide more specific details

ansible · March 28, 2016, 3:47am

That's what I gather from some googling. I'm on nixos. I ran an update today but it didn't help. Going to see about contacting nixos-ers on IRC, right now its pretty deserted there.

ansible · March 29, 2016, 6:40pm

more info on this: wget fails with a similar error. However, I'm able to specify a certificate file (one already on my system) with wget and it works:

wget --ca-certificate=/etc/ssl/certs/ca-certificates.crt https://github.com/rust-lang/crates.io-index

As far as I can tell, there's no similar option for cargo. I wonder how cargo goes about locating the crt file?

jethrogb · March 30, 2016, 5:54am

cargo uses cURL for its TLS communication. Unfortunately, cURL has many different and platform-dependent ways to find the certificate store: curl - SSL CA Certificates. It seems you should be able to override it with the CURL_CA_BUNDLE environment variable though.

ansible · March 30, 2016, 6:00am

Thanks jethrogb! I found a bug on nixos that indicated SSL_CERT_FILE needs to be defined, and that fact that it isn't is a problem for more people than just me. I put the lines below in my .bashrc and now cargo package/publish are working again.

SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
export SSL_CERT_FILE

Ericson2314 · June 25, 2016, 5:35am

unset SSL_CERT_FILE may also solve problem if you were in nix-shell.

Topic		Replies	Views
[Solved] SSL certificate error when running cargo update help	2	2444	January 12, 2023
Cargo update error help	5	898	February 9, 2020
Cargo outdated -- certificate problem	4	2895	May 14, 2022
Cargo unable to update registry with "wrong pack signature" help	9	1159	October 8, 2022
Updating crates.io index failed help	9	1641	May 22, 2023

Unable to update my cargo package - ssl error

Related Topics