GNU bug report logs - #61557
vdirsyncer fails to verify certificates

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Package: guix; Reported by: Ethan Blanton <elb@HIDDEN>; dated Thu, 16 Feb 2023 20:30:02 UTC; Maintainer for guix is bug-guix@HIDDEN.

Message received at 61557 <at> debbugs.gnu.org:


Received: (at 61557) by debbugs.gnu.org; 25 Feb 2023 02:44:08 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 24 21:44:08 2023
Received: from localhost ([127.0.0.1]:38690 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pVkXf-0004yD-Qx
	for submit <at> debbugs.gnu.org; Fri, 24 Feb 2023 21:44:08 -0500
Received: from tobias.gr ([80.241.217.52]:58706)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>)
 id 1pVkXd-0004y0-Hh; Fri, 24 Feb 2023 21:44:06 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=2WaS5/WUjYGEa
 7AuAGD9u6zoL3MJxNPaC/5l2o8H2Uw=; h=subject:to:from:date;
 d=tobias.gr; 
 b=NJAfWhn9rnNGavy+Ijxr016PCAFAoRDKotOSMYZixRZPiOpPrGdKnDkWFGX00rkP61Df
 /pqmqgYm8PpZ/YKdI43QipO5fB0jt/J1moz80ET2R0bX6Gl9C9ZVMQifgB7r/HmqR5v++5
 IX7eNT8Q8pzGD7cpe+mnQIdfrhNqzCJJ+Z0TmH2A1frt69CEZXcQ/tRNycO11p3+oSHkhD
 lX87TJEhZzSjVnGGGm3m+SofCiYgT6rZAhOXfbGhs4M4+FXuAmU76ueI4Xt6UqdXv6+R4X
 Fa1HYCNgrepXXcY4RODtkmqgRe1Od2fk2daG4NFT/jDFRDcMAmgdrgAHstX1UauA==
Received: by submission.tobias.gr (OpenSMTPD) with ESMTP id 8b075506;
 Sat, 25 Feb 2023 02:44:01 +0000 (UTC)
MIME-Version: 1.0
Date: Sat, 25 Feb 2023 03:44:01 +0100
From: Tobias Geerinckx-Rice <me@HIDDEN>
To: control <at> debbugs.gnu.org, 61557 <at> debbugs.gnu.org
Subject: vdirsyncer fails to verify certificates
Message-ID: <c1ac8e44749e6264761e1654977a7e98@HIDDEN>
Content-Type: text/plain; charset=UTF-8;
 format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 61557
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

reassign 61557 guix
thanks

Hi,

I had missed the Package: pseudo-header because I shouldn't be alive at 
this point.

All Guix bugs should be filed against the ‘guix’ package, no matter what 
the package—confusing, I know.  Luckily, sending mail to bug-guix@ does 
this for you, so you don't usually need to think about it.

Thanks again!

Kind regards,

T G-R

Sent from a Web browser.  Excuse or enjoy my brevity.
Information forwarded to bug-guix@HIDDEN:
bug#61557; Package guix. Full text available.
bug No longer marked as found in versions 0.19.0. Request was from Ethan Blanton <elb@HIDDEN> to control <at> debbugs.gnu.org. Full text available.
bug reassigned from package 'vdirsyncer' to 'guix'. Request was from Ethan Blanton <elb@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 25 Feb 2023 02:31:01 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 24 21:31:01 2023
Received: from localhost ([127.0.0.1]:38679 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pVkKz-0004dG-3k
	for submit <at> debbugs.gnu.org; Fri, 24 Feb 2023 21:31:01 -0500
Received: from lists.gnu.org ([209.51.188.17]:45866)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <elb@HIDDEN>) id 1pVkKx-0004d7-5V
 for submit <at> debbugs.gnu.org; Fri, 24 Feb 2023 21:30:59 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <elb@HIDDEN>) id 1pVkKw-0003u7-Pn
 for bug-guix@HIDDEN; Fri, 24 Feb 2023 21:30:58 -0500
Received: from cathode.kb8ojh.net ([162.243.72.198])
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <elb@HIDDEN>) id 1pVkKv-0000wB-5j
 for bug-guix@HIDDEN; Fri, 24 Feb 2023 21:30:58 -0500
Received: from anode.kb8ojh.net (pool-68-133-30-163.bflony.fios.verizon.net
 [68.133.30.163])
 by cathode.kb8ojh.net (Postfix) with ESMTPSA id 9E89A405C6
 for <bug-guix@HIDDEN>; Sat, 25 Feb 2023 02:30:55 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kb8ojh.net; s=cathode;
 t=1677292255; bh=8Fbg8P76grBLSR//juAYGGlVUy0tuyXcOO/4YI2nL64=;
 h=Date:From:To:Subject:From;
 b=IWea+yGIUW/oz7UIl3uM9l/bYPjQIO2ntO8IuQtfZ9d6owb/rJDK6ZH6S6hXCR37w
 IMg+NiPoPxSzFH7rm2xwrOaqky40AUfFMq3KTLNWFkejIzEtsYP6mRG+x9xW0OFzrv
 xIB3MByA/iqBjGduOXOh0qgw4g2EDkjv/Tx3gyds=
Received: by anode.kb8ojh.net (Postfix, from userid 1000)
 id 585E3400E9; Fri, 24 Feb 2023 21:30:55 -0500 (EST)
Date: Fri, 24 Feb 2023 21:30:55 -0500
From: Ethan Blanton <elb@HIDDEN>
To: bug-guix@HIDDEN
Subject: bug database indexing problem for bug #61557
Message-ID: <Y/ly3+gvZbQuM7Wc@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-GnuPG-Fingerprint: 2A9A 7752 8B91 6586 6289  FD3D 6CA9 2AC6 A1A8 AD0E
Received-SPF: pass client-ip=162.243.72.198; envelope-from=elb@HIDDEN;
 helo=cathode.kb8ojh.net
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

Bug #61557, filed against the vdirsyncer package in Guix and having
the title "vdirsyncer fails to verify certificates", does not show up
in the Guix bug database at issues.guix.gnu.org when searching by
keywords such as "vdirsyncer" or "certificates", although it does
appear when searching for "61557".

There may be an indexing problem.

(Filing at the request of nckx/irc)
Information forwarded to help-debbugs@HIDDEN:
bug#61557; Package vdirsyncer. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 16 Feb 2023 20:29:30 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Feb 16 15:29:30 2023
Received: from localhost ([127.0.0.1]:37752 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pSksj-0006aK-SZ
	for submit <at> debbugs.gnu.org; Thu, 16 Feb 2023 15:29:30 -0500
Received: from lists.gnu.org ([209.51.188.17]:54716)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <elb@HIDDEN>) id 1pSksh-0006aC-Pg
 for submit <at> debbugs.gnu.org; Thu, 16 Feb 2023 15:29:28 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <elb@HIDDEN>) id 1pSksh-0002Vw-JE
 for bug-guix@HIDDEN; Thu, 16 Feb 2023 15:29:27 -0500
Received: from cathode.kb8ojh.net ([162.243.72.198])
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <elb@HIDDEN>) id 1pSksf-0005wY-MC
 for bug-guix@HIDDEN; Thu, 16 Feb 2023 15:29:27 -0500
Received: from anode.kb8ojh.net (pool-68-133-30-163.bflony.fios.verizon.net
 [68.133.30.163])
 by cathode.kb8ojh.net (Postfix) with ESMTPSA id 016B04078D
 for <bug-guix@HIDDEN>; Thu, 16 Feb 2023 20:29:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kb8ojh.net; s=cathode;
 t=1676579364; bh=QKpLvAmRgaxoE3kV+tP3RN9bhFyIqkGZPLRLHzAgIKE=;
 h=Date:From:To:Subject:From;
 b=eCQ7ZM8LPA3VMCd1u48mZNhU7UwNlWN/iUC1w6kXd3fzSwbY5HFNeGzvIJFm3/xnR
 R5baHERq0FCBstc9V4e6n9u0ht5tvSsF7ce8d8cW5GdFrt8Kvg43orghMI8z9USJEp
 avUZzJgP2X6wla59rs9fOon6K6cTZBxQO22ls4ac=
Received: by anode.kb8ojh.net (Postfix, from userid 1000)
 id ADD8E400D9; Thu, 16 Feb 2023 15:29:23 -0500 (EST)
Date: Thu, 16 Feb 2023 15:29:23 -0500
From: Ethan Blanton <elb@HIDDEN>
To: bug-guix@HIDDEN
Subject: vdirsyncer fails to verify certificates
Message-ID: <Y+6SIw5S64Rodiyi@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-GnuPG-Fingerprint: 2A9A 7752 8B91 6586 6289  FD3D 6CA9 2AC6 A1A8 AD0E
Received-SPF: pass client-ip=162.243.72.198; envelope-from=elb@HIDDEN;
 helo=cathode.kb8ojh.net
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

Package: vdirsyncer
Version: 0.19.0

I am using Guix on a foreign distro of Debian GNU/Linux 11 (bullseye).

I have the following manifest installed in particular profile:

(specifications->manifest
 (list "go"
       "sbcl"
       "khal"
       "mutt"
       "nss-certs"
       "protobuf"
       "vdirsyncer"))

Since vdirsyncer updated to 0.19.0, I cannot sync with any remote host
using CalDAV or HTTPS iCalendar files.  This is reproducible with my
private servers, Microsoft Outlook 365 calendars, Google Calendars,
and others.  I have moset recently verified it with Guix 312f1f4 and a
vdirsyncer producing
/gnu/store/9aa2bj3likla61zqbsim1a1c99k3jk93-vdirsyncer-0.19.0 (I don't
know how to give a more precise or useful install, please let me know
if I should, and how I would), but I have narrowed the breaking change
down to Guix revision f635f725778f86abaa77f674f8f670f74bffd7be.
Revision ed18b697c4783f139e23731f5bd0b0ed197997bb, which is vdirsyncer
0.18.0, works as expected.

The lightly redacted error that vdirsyncer produces is:

error: Unknown error occurred for [config entry]/calendarname: Cannot connect to host cloud.kb8ojh.net:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate
(_ssl.c:1129)')]

An example configuration that causes this is:

[storage samplecalendar_public]
type = "http"
url = "https://calendar.google.com/calendar/ical/[redacted]group.calendar.google.com/public/basic.ics"

[storage localcalendar_public]
type = "filesystem"
path = "~/.calendars/public"
fileext = ".ics"

[pair public_calendar]
a = "samplecalendar_public"
b = "localcalendar public"
collections = [ "from a" ]

It appears that the root cause is in Python aiohttp, as starting the
python3 interpreter invoked by the vdirsyncer binary in the installed
profile with the GUIX_PYTHONPATH provided, then attempting to fetch an
HTTPS URL using aiohttp, will fail with an SSL error.  I cannot tell
if the root configuration problem is in vdirsyncer and its
dependencies or in aiohttp, so I am reporting it against vdirsyncer,
which I can confirm is broken.

I have tried installing various certificate packages and other
packages that seemed like they might be related (such as nss-certs,
nss itself, gnutls, etc.), but not found anything that seemed to
resolve the issue.

This bug that I have reported upstream is related, but I think the
problem is with the Guix packaging and/or dependencies, not with
vdirsyncer itself:

https://github.com/pimutils/vdirsyncer/issues/1034

Ethan
Acknowledgement sent to Ethan Blanton <elb@HIDDEN>:
New bug report received and forwarded. Copy sent to help-debbugs@HIDDEN. Full text available.
Report forwarded to help-debbugs@HIDDEN:
bug#61557; Package vdirsyncer. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Sat, 25 Feb 2023 03:00:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.