226825 – www/aria2: Missing SSL certificates break HTTPS download

Bug 226825 - www/aria2: Missing SSL certificates break HTTPS download

Summary: www/aria2: Missing SSL certificates break HTTPS download

Status:	Closed Not A Bug

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Po-Chuan Hsieh

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-03-21 14:36 UTC by Marcel Bischoff
Modified:	2018-04-07 16:42 UTC (History)
CC List:	0 users

See Also:

Flags:	bugzilla: maintainer-feedback? (sunpoet)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcel Bischoff 2018-03-21 14:36:45 UTC

If you run aria2c with the "--no-conf=true" flag and try to download a HTTPS URL, it fails with an "Failed to load trusted CA certificates from no. Cause: error:02001002:system library:fopen:No such file or directory" error. This because aria2c by default expects the certificates to be in "/etc/ssl/certs/ca-certificates.crt", which is a Linuxism. This also breaks tools like pyenv when aria2c is installed, which use this flag (https://github.com/yyuu/ruby-build/commit/6baed1ff66d3bffc6e9ac18d212344f986cfa9d4).

Adding the configure flag "--with-ca-bundle='/usr/local/share/certs/ca-root-nss.crt'" on build resolves this, as the certificate bundle is already a requirement.

Comment 1 Po-Chuan Hsieh freebsd_committer

2018-03-22 15:14:45 UTC

We have it already. You should enable CA_BUNDLE option.

CA_BUNDLE_CONFIGURE_OFF=--without-ca-bundle
CA_BUNDLE_CONFIGURE_ON= --with-ca-bundle=${LOCALBASE}/share/certs/ca-root-nss.crt
CA_BUNDLE_RUN_DEPENDS=  ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss

Comment 2 Marcel Bischoff 2018-04-07 16:42:17 UTC

Thanks for the info. However, this should really be the default setting. the curl package requires ca-root-nss as well.