Page MenuHomeFreeBSD
Differential D49120

lang/rust: Make OpenSSL use the system default truststore in Cargo
ClosedPublic
Actions

Authored by michaelo on Feb 24 2025, 10:59 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Mar 23, 8:35 AM
Unknown Object (File)
Fri, Mar 21, 6:38 AM
Unknown Object (File)
Sat, Mar 15, 5:27 AM
Unknown Object (File)
Fri, Mar 7, 5:53 PM
Unknown Object (File)
Fri, Mar 7, 12:41 AM
Unknown Object (File)
Mar 3 2025, 9:07 PM
Unknown Object (File)
Mar 3 2025, 5:37 PM
Unknown Object (File)
Mar 3 2025, 1:58 PM
View All 9 Files
Subscribers
ziaee

Details

Reviewers
jrm
otis
mikael
Group Reviewers
rust
Commits
R11:093b0eb52a7e: lang/rust: Make OpenSSL use the system default truststore in Cargo
R11:078082660317: lang/rust: Make OpenSSL use the system default truststore in Cargo
Summary

Cargo uses curl-rust and git2-rs (which uses curl-rest as well).
Unfortunately, git2-rs calls openssl_probe::init_ssl_cert_env_vars()
unconditionally which breaks the process environment by setting an invalid
value for SSL_CERT_DIR and then the system default truststore is circumvented,
resulting in certificate validation errors even if certlctl(8) manages
everything nicely.

Upstream issues:

Diff Detail

Repository
R11 FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

michaelo created this revision.Feb 24 2025, 10:59 AM
Herald added a subscriber: ziaee. · View Herald TranscriptFeb 24 2025, 10:59 AM
michaelo requested review of this revision.Feb 24 2025, 10:59 AM
Harbormaster completed remote builds in B62613: Diff 151396.Feb 24 2025, 10:59 AM
michaelo added a reviewer: rust.Feb 24 2025, 10:59 AM
michaelo mentioned this in D49130: certctl: Add support for generating a certificate bundle (CAfile).Feb 26 2025, 8:04 AM
michaelo added a comment.Thu, Mar 6, 9:59 AM

Rust maintainers, please have a look. This is quite annoying issue especially because it is hard to diagnose from a high level perspective.

mikael accepted this revision.Fri, Mar 7, 1:16 PM
This revision is now accepted and ready to land.Fri, Mar 7, 1:16 PM
michaelo added a comment.Fri, Mar 7, 5:12 PM

Hope to remove patch when upstream accepts it.

michaelo added a comment.Fri, Mar 7, 5:14 PM

Mentors, any opinion?

jrm accepted this revision.Fri, Mar 7, 5:32 PM
Closed by commit R11:078082660317: lang/rust: Make OpenSSL use the system default truststore in Cargo (authored by michaelo). · Explain WhyFri, Mar 7, 5:45 PM
This revision was automatically updated to reflect the committed changes.
michaelo added a commit: R11:078082660317: lang/rust: Make OpenSSL use the system default truststore in Cargo.
michaelo added a commit: R11:093b0eb52a7e: lang/rust: Make OpenSSL use the system default truststore in Cargo.Fri, Mar 7, 6:02 PM

Revision Contents
Changeset List

PathSize
lang/
rust/
2 lines
files/
18 lines

Diff 152031

View Options

lang/rust/Makefile

Loading...
View Options

lang/rust/files/patch-vendor_git2-0.19.0_src_lib.rs

Loading...