Page MenuHomeFreeBSD
Differential D49120

lang/rust: Make OpenSSL use the system default truststore in Cargo
ClosedPublic
Actions

Authored by michaelo on Feb 24 2025, 10:59 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Dec 24, 5:35 PM
Unknown Object (File)
Wed, Dec 24, 5:35 PM
Unknown Object (File)
Wed, Dec 24, 5:35 PM
Unknown Object (File)
Wed, Dec 24, 5:35 PM
Unknown Object (File)
Fri, Dec 5, 8:33 AM
Unknown Object (File)
Fri, Dec 5, 8:33 AM
Unknown Object (File)
Nov 20 2025, 5:44 AM
Unknown Object (File)
Nov 14 2025, 2:42 AM
View All 63 Files
Subscribers
ziaee

Details

Reviewers
jrm
otis
mikael
Group Reviewers
rust
Commits
R11:093b0eb52a7e: lang/rust: Make OpenSSL use the system default truststore in Cargo
R11:078082660317: lang/rust: Make OpenSSL use the system default truststore in Cargo
Summary

Cargo uses curl-rust and git2-rs (which uses curl-rest as well).
Unfortunately, git2-rs calls openssl_probe::init_ssl_cert_env_vars()
unconditionally which breaks the process environment by setting an invalid
value for SSL_CERT_DIR and then the system default truststore is circumvented,
resulting in certificate validation errors even if certlctl(8) manages
everything nicely.

Upstream issues:

Diff Detail

Repository
R11 FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

michaelo created this revision.Feb 24 2025, 10:59 AM
Herald added a subscriber: ziaee. · View Herald TranscriptFeb 24 2025, 10:59 AM
michaelo requested review of this revision.Feb 24 2025, 10:59 AM
Harbormaster completed remote builds in B62613: Diff 151396.Feb 24 2025, 10:59 AM
michaelo added a reviewer: rust.Feb 24 2025, 10:59 AM
michaelo mentioned this in D49130: certctl: Add support for generating a certificate bundle (CAfile).Feb 26 2025, 8:04 AM
michaelo added a comment.Mar 6 2025, 9:59 AM

Rust maintainers, please have a look. This is quite annoying issue especially because it is hard to diagnose from a high level perspective.

mikael accepted this revision.Mar 7 2025, 1:16 PM
This revision is now accepted and ready to land.Mar 7 2025, 1:16 PM
michaelo added a comment.Mar 7 2025, 5:12 PM

Hope to remove patch when upstream accepts it.

michaelo added a comment.Mar 7 2025, 5:14 PM

Mentors, any opinion?

jrm accepted this revision.Mar 7 2025, 5:32 PM
Closed by commit R11:078082660317: lang/rust: Make OpenSSL use the system default truststore in Cargo (authored by michaelo). · Explain WhyMar 7 2025, 5:45 PM
This revision was automatically updated to reflect the committed changes.
michaelo added a commit: R11:078082660317: lang/rust: Make OpenSSL use the system default truststore in Cargo.
michaelo added a commit: R11:093b0eb52a7e: lang/rust: Make OpenSSL use the system default truststore in Cargo.Mar 7 2025, 6:02 PM

Revision Contents
Changeset List

PathSize
lang/
rust/
2 lines
files/
18 lines

Diff 152031

View Options

lang/rust/Makefile

Loading...
View Options

lang/rust/files/patch-vendor_git2-0.19.0_src_lib.rs

Loading...