connection failed due to UnknownIssuer

[karl19]

Silly question, do we know why it fails to download from github, but meantime can cUrl? Obviously im behind corp firewall.

tldr nvm

info: cache is empty, downloading...
info: downloading 'tldr.sha256sums'... FAILED
error: https://github.com/tldr-pages/tldr/releases/latest/download/tldr.sha256sums: **Connection Failed: tls connection init failed: invalid peer certificate: UnknownIssuer**

curl -I https://github.com/tldr-pages/tldr/releases/latest/download/tldr.sha256sums

HTTP/1.1 302 Found
Server: GitHub.com
Date: Mon, 06 May 2024 23:49:11 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Location: https://github.com/tldr-pages/tldr/releases/download/v2.2/tldr.sha256sums
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Set-Cookie: _gh_sess=1Ojsm6%2Fl9GnPMkI1RxozkfSHPo%2F6OBGcv%2BT9sf3O6rarGnb%2B%2BRcC1EpJV5dvLmoyG4w5m%2FmZd6UcdASShynuHW5zqe%2BBxLzXjEbK%2BlwplQbRuQSZW5hTbredtxuJ5az0rMZchRZ5Ot%2BxjUAEMWg4qa0u1KmDDUpZhsXEeehq6khIVbaSLqdkDD7XZKF7VKmmMCbdb1HhNtZdhz%2BqJtlurShHA1LTe6tqaJUDN3wINqFvUPOXDD%2BY6rlVgQ%2B76KhXPIpJ%2B%2FL474uZENG5Q5nfsw%3D%3D--s%2BgR4UZY7suTEnjA--TS9Vk%2FQzf%2FwykXOB5PblWA%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
Set-Cookie: _octo=GH1.1.79770719.1715039351; Path=/; Domain=github.com; Expires=Tue, 06 May 2025 23:49:11 GMT; Secure; SameSite=Lax
Set-Cookie: logged_in=no; Path=/; Domain=github.com; Expires=Tue, 06 May 2025 23:49:11 GMT; HttpOnly; Secure; SameSite=Lax
Content-Length: 0
X-GitHub-Request-Id: 47F2:1FBACE:1DC27E3:2127566:66396C77

[acuteenvy]

I think it's because the HTTP library used by tlrc doesn't pick up your SSL certificates by default. I've enabled that feature in 3092e01 - could you compile the latest version from the main branch and test if it works for you?

[karl19]

@acuteenvy still no luck, no matter what i do i got below (running from the latest rust image)

root@cae66abe3157:~/tlrc# cargo build
    Updating crates.io index
error: failed to get `clap` as a dependency of package `tlrc v1.9.2 (/root/tlrc)`

Caused by:
  download of config.json failed

Caused by:
  failed to download from `https://index.crates.io/config.json`

Caused by:
  [60] SSL peer certificate or SSH remote key was not OK (SSL certificate problem: self signed certificate in certificate chain)

[acuteenvy]

Are you actually using a self-signed certificate or is there a CA that you can include in the image to solve this problem? curl should also complain about self-signed certificates if you run it in this image, unless you use --insecure.

[karl19]

@acuteenvy i've actually mounted from my local cert folder and copied them all over to /etc/ssl/certs/ in above attempt