R libcurl does not recognize server certs

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

R libcurl does not recognize server certs

Roman, John
Dirk,
ive changed the subject given the nature of the present debugging.  Im aware i can extend extras from download.file to install.packages however
im curious to know why libcurl in the R invocation does not honor the CA bundle on my system.

how would I pass a CA bundle to install.packages?  the function has numerous arguments before the extras are taken.

John Roman
Linux System Administrator
RAND Corporation
[hidden email]
X7302

________________________________________
From: Dirk Eddelbuettel [[hidden email]] on behalf of Dirk Eddelbuettel [[hidden email]]
Sent: Monday, March 27, 2017 11:33 AM
To: Roman, John
Cc: Dirk Eddelbuettel; [hidden email]
Subject: RE: [Rd] R fails to read repo index on NGINX

On 27 March 2017 at 18:27, Roman, John wrote:
| Thank you for your elaboration.  This issue is related to curl trusting a CA cert as its called by R.
| curl called from bash recognizes the system cert bundle for CA's, curl called from R does not.
|
| may I know how to trust the system certificate bundle from within R?

See 'help(download.file)' -- it's a little hidden but you can just make the
external curl (which, as you say, works in your particular circumstances) the
default for remote file access from R too.

Next time please try to be a little more specific with your questions and
their subject line.  Methinks nothing here has anything to do with the httpd
server you employ.

Dirk

--
http://dirk.eddelbuettel.com | @eddelbuettel | [hidden email]


__________________________________________________________________________

This email message is for the sole use of the intended r...{{dropped:6}}

______________________________________________
[hidden email] mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: R libcurl does not recognize server certs

Morgan, Martin
On 03/27/2017 03:09 PM, Roman, John wrote:
> Dirk,
> ive changed the subject given the nature of the present debugging.  Im aware i can extend extras from download.file to install.packages however
> im curious to know why libcurl in the R invocation does not honor the CA bundle on my system.
>
> how would I pass a CA bundle to install.packages?  the function has numerous arguments before the extras are taken.
>

A little shot-in-the-dark but on Linux I have

$ curl-config --ca
/etc/ssl/certs/ca-certificates.crt

and in R ?download.file I'm told (the documentation may read as
window-specific, but I don't think that's the case)

      set environment variable 'CURL_CA_BUNDLE' to the path to a
      certificate bundle file, usually named 'ca-bundle.crt' or
      'curl-ca-bundle.crt'.  (This is normally done for a binary

So if I were having trouble I might say (or set the environment variable
in some other way, e.g., as part of an alias to R)

 > Sys.setenv(CURL_CA_BUNDLE="/etc/ssl/certs/ca-certificates.crt")
 > download.file("https://, tempfile())

Maybe with more info about your OS and R installation a more transparent
solution would offer itself; I'd guess that the bundle location is
inferred when R is built from source, and somehow there has been a
disconnect between your R installation and certificate location, e.g.,
moving the certificate location after R installation.

Martin Morgan

> John Roman
> Linux System Administrator
> RAND Corporation
> [hidden email]
> X7302
>
> ________________________________________
> From: Dirk Eddelbuettel [[hidden email]] on behalf of Dirk Eddelbuettel [[hidden email]]
> Sent: Monday, March 27, 2017 11:33 AM
> To: Roman, John
> Cc: Dirk Eddelbuettel; [hidden email]
> Subject: RE: [Rd] R fails to read repo index on NGINX
>
> On 27 March 2017 at 18:27, Roman, John wrote:
> | Thank you for your elaboration.  This issue is related to curl trusting a CA cert as its called by R.
> | curl called from bash recognizes the system cert bundle for CA's, curl called from R does not.
> |
> | may I know how to trust the system certificate bundle from within R?
>
> See 'help(download.file)' -- it's a little hidden but you can just make the
> external curl (which, as you say, works in your particular circumstances) the
> default for remote file access from R too.
>
> Next time please try to be a little more specific with your questions and
> their subject line.  Methinks nothing here has anything to do with the httpd
> server you employ.
>
> Dirk
>
> --
> http://dirk.eddelbuettel.com | @eddelbuettel | [hidden email]
>
>
> __________________________________________________________________________
>
> This email message is for the sole use of the intended...{{dropped:10}}

______________________________________________
[hidden email] mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
Loading...