I'm trying to put up a new version of my cargo package. cargo package --verbose gives me this error:
Verifying oscpad v0.1.1 (file:///home/bburdette/code/oscpad)
Updating registry `https://github.com/rust-lang/crates.io-index`
failed to verify package tarball
Caused by:
Unable to update registry https://github.com/rust-lang/crates.io-index
Caused by:
failed to fetch `https://github.com/rust-lang/crates.io-index`
Caused by:
[16/-17] The SSL certificate is invalid
Cargo publish has similar results:
[nix-shell:~/code/oscpad]$ cargo publish --verbose
Updating registry `https://github.com/rust-lang/crates.io-index`
failed to update registry https://github.com/rust-lang/crates.io-index
Caused by:
failed to fetch `https://github.com/rust-lang/crates.io-index`
Caused by:
[16/-17] The SSL certificate is invalid
[nix-shell:~/code/oscpad]$
I think your machine's CA bundle is old/out of date and should be updated. If you can provide some details about your linux distribution, we can provide more specific details
That's what I gather from some googling. I'm on nixos. I ran an update today but it didn't help. Going to see about contacting nixos-ers on IRC, right now its pretty deserted there.
1 Like
more info on this: wget fails with a similar error. However, I'm able to specify a certificate file (one already on my system) with wget and it works:
wget --ca-certificate=/etc/ssl/certs/ca-certificates.crt https://github.com/rust-lang/crates.io-index
As far as I can tell, there's no similar option for cargo. I wonder how cargo goes about locating the crt file?
cargo uses cURL for its TLS communication. Unfortunately, cURL has many different and platform-dependent ways to find the certificate store: curl - SSL CA Certificates. It seems you should be able to override it with the CURL_CA_BUNDLE
environment variable though.
Thanks jethrogb! I found a bug on nixos that indicated SSL_CERT_FILE needs to be defined, and that fact that it isn't is a problem for more people than just me. I put the lines below in my .bashrc and now cargo package/publish are working again.
SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
export SSL_CERT_FILE
unset SSL_CERT_FILE
may also solve problem if you were in nix-shell.