librelist archives

« back to archive

SSL errors on installation

SSL errors on installation

From:
Brian Marick
Date:
2012-09-01 @ 19:32
Someone reading my book was having trouble downloading leiningen. I'm 
pretty sure it was user error, but I wrote up some more detailed 
installation instructions. While trying them out on my daughter's virgin 
computer, I got this error on the first run of lein (`lein repl`):

> bash-3.2$ lein repl
> Downloading Leiningen now...
> 
> curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify fail\
> ed
> More details here: http://curl.haxx.se/docs/sslcerts.html
> 
> curl performs SSL certificate verification by default, using a "bundle"
>  of Certificate Authority (CA) public keys (CA certs). The default
>  bundle is named curl-ca-bundle.crt; you can specify an alternate file
>  using the --cacert option.
> If this HTTPS server uses a certificate signed by a CA represented in
>  the bundle, the certificate verification probably failed due to a
>  problem with the certificate (it might be expired, or the name might
>  not match the domain name in the URL).
> If you'd like to turn off curl's verification of the certificate, use
>  the -k (or --insecure) option.
> /Users/paul/bin/lein: line 180: downoad_failed_message: command not found
> Exception in thread "main" java.lang.NoClassDefFoundError: clojure/main
> bash-3.2$ 


I don't *think* I've ever seen this from lein before. What should I tell 
readers they should do about it?

-----
Brian Marick, Artisanal Labrador
Contract programming in Ruby and Clojure
Occasional consulting on Agile
Writing /Functional Programming for the Object-Oriented Programmer/: 
https://leanpub.com/fp-oo

Re: [leiningen] SSL errors on installation

From:
Phil Hagelberg
Date:
2012-09-01 @ 23:27
Brian Marick <marick@exampler.com> writes:

>> bash-3.2$ lein repl
>> Downloading Leiningen now...
>> 
>> curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
>> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate 
verify fail\
>> ed
>> More details here: http://curl.haxx.se/docs/sslcerts.html
>> 
>
> I don't *think* I've ever seen this from lein before. What should I
> tell readers they should do about it?

If you have a really old version of openssl your system's certificate
store might not have the CAs for GitHub, in which case you'll want to
fix that, probably by upgrading openssl. If for some reason you can't do
this and accept the risk of downloading over an insecure connection you
can set HTTP_CLIENT to a value which ignores the certificate check.

    export HTTP_CLIENT="wget --no-check-certificate -O"
    export HTTP_CLIENT="curl --insecure -f -L -o"

An unfortunate typo prevented the error message from being displayed
which explains this problem from being displayed. It's been fixed in
master.

-Phil