Page MenuHomeFreeBSD
Differential D49120

lang/rust: Make OpenSSL use the system default truststore in Cargo
ClosedPublic
Actions

Authored by michaelo on Feb 24 2025, 10:59 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Jun 13, 11:07 AM
Unknown Object (File)
Sat, Jun 6, 10:41 PM
Unknown Object (File)
Thu, Jun 4, 5:16 PM
Unknown Object (File)
May 15 2026, 11:19 AM
Unknown Object (File)
May 14 2026, 6:17 PM
Unknown Object (File)
May 14 2026, 5:19 PM
Unknown Object (File)
May 14 2026, 5:19 PM
Unknown Object (File)
May 12 2026, 11:53 AM
View All 100 Files
Subscribers
ziaee

Details

Reviewers
jrm
otis
mikael
Group Reviewers
rust
Commits
R11:093b0eb52a7e: lang/rust: Make OpenSSL use the system default truststore in Cargo
R11:078082660317: lang/rust: Make OpenSSL use the system default truststore in Cargo
Summary

Cargo uses curl-rust and git2-rs (which uses curl-rest as well).
Unfortunately, git2-rs calls openssl_probe::init_ssl_cert_env_vars()
unconditionally which breaks the process environment by setting an invalid
value for SSL_CERT_DIR and then the system default truststore is circumvented,
resulting in certificate validation errors even if certlctl(8) manages
everything nicely.

Upstream issues:

Diff Detail

Repository
R11 FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

michaelo created this revision.Feb 24 2025, 10:59 AM
Herald added a subscriber: ziaee. · View Herald TranscriptFeb 24 2025, 10:59 AM
michaelo requested review of this revision.Feb 24 2025, 10:59 AM
Harbormaster completed remote builds in B62613: Diff 151396.Feb 24 2025, 10:59 AM
michaelo added a reviewer: rust.Feb 24 2025, 10:59 AM
michaelo mentioned this in D49130: certctl: Add support for generating a certificate bundle (CAfile).Feb 26 2025, 8:04 AM
michaelo added a comment.Mar 6 2025, 9:59 AM

Rust maintainers, please have a look. This is quite annoying issue especially because it is hard to diagnose from a high level perspective.

mikael accepted this revision.Mar 7 2025, 1:16 PM
This revision is now accepted and ready to land.Mar 7 2025, 1:16 PM
michaelo added a comment.Mar 7 2025, 5:12 PM

Hope to remove patch when upstream accepts it.

michaelo added a comment.Mar 7 2025, 5:14 PM

Mentors, any opinion?

jrm accepted this revision.Mar 7 2025, 5:32 PM
Closed by commit R11:078082660317: lang/rust: Make OpenSSL use the system default truststore in Cargo (authored by michaelo). · Explain WhyMar 7 2025, 5:45 PM
This revision was automatically updated to reflect the committed changes.
michaelo added a commit: R11:078082660317: lang/rust: Make OpenSSL use the system default truststore in Cargo.
michaelo added a commit: R11:093b0eb52a7e: lang/rust: Make OpenSSL use the system default truststore in Cargo.Mar 7 2025, 6:02 PM

Revision Contents
Changeset List

PathSize
lang/
rust/
2 lines
files/
18 lines

Diff 152031

View Options

lang/rust/Makefile

Loading...
View Options

lang/rust/files/patch-vendor_git2-0.19.0_src_lib.rs

Loading...