no trust anchor file found #25

Open
gsebil08 opened this issue Dec 8, 2022 · 6 comments

gsebil08 commented Dec 8, 2022

I am facing the following error on my project:

Uncaught exception:

  (Failure
    "ca-certs: no trust anchor file found, looked into /etc/ssl/certs/ca-bundle.crt.\
   \nPlease report an issue at https://github.com/mirage/ca-certs, including:\
   \n- the output of uname -s\
   \n- the distribution you use\
   \n- the location of default trust anchors (if known)\
   \n")

Here are the details:

$ uname -s
Darwin

$ sw_vers
ProductName:	macOS
ProductVersion:	12.6
BuildVersion:	21G115

hannesm commented Dec 8, 2022

Thanks for your report. Would you mind running the command security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain and providing the output?

@mcstafford-git

security find-certificate -a -p

I've got a similar problem on a Debian system with a few cert issues. It seems there's some cruft from previous config. One of the messages refers to a path that no longer exists, so it may be related to an error-handling issue having to do with missing or null values.

I re-created the missing directory and appended the content from another file to the absent file to work around it.

After that semgrep --config auto worked without an error.


hannesm commented Sep 22, 2023

Thanks for your comment. On Debian, the following paths should be looked up in order:

  (* Debian/Ubuntu/Gentoo etc. *)
  "/etc/ssl/certs/ca-certificates.crt";
  (* CentOS/RHEL 7 *)
  "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem";
  (* OpenSUSE *)
  "/etc/ssl/ca-bundle.pem";

So, does "/etc/ssl/certs/ca-certificates.crt" exist on your system, and is it a file?

> It seems there's some cruft from previous config.

Sorry to hear about that.

> One of the messages refers to a path that no longer exists, so it may be related to an error-handling issue having to do with missing or null values.

Would you mind elaborating: which path no longer exists? And which "error-handling issues" are you talking about?


m1ssya commented Feb 27, 2024

Can I customize the path of the trust anchor file?


hannesm commented Feb 27, 2024

> Can I customize the path of the trust anchor file?

Yes indeed -- as documented in the API docs https://ocaml.org/p/ca-certs/latest/doc/Ca_certs/index.html#val-trust_anchors you can set the environment variable(s) "SSL_CERT_FILE" or "NIX_SSL_CERT_FILE", which are then respected.


m1ssya commented Feb 27, 2024

> > Can I customize the path of the trust anchor file?
>
> Yes indeed -- as documented in the API docs https://ocaml.org/p/ca-certs/latest/doc/Ca_certs/index.html#val-trust_anchors you can set the environment variable(s) "SSL_CERT_FILE" or "NIX_SSL_CERT_FILE", which are then respected.

Thank you so much, it works
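
The lookup discussed in this thread, as an added shell diagnostic that is not part of ca-certs or of any comment above: it checks the SSL_CERT_FILE / NIX_SSL_CERT_FILE override first, then the three Linux paths listed earlier, and accepts only a readable regular file containing at least one PEM certificate. The precedence of the override, the fail-closed handling when it is set but unusable, and the TA_ROOT scratch-directory prefix are assumptions of this example; the macOS keychain lookup is not covered.

```shell
#!/bin/sh
# Added diagnostic, not ca-certs code. TA_ROOT is a hypothetical prefix used
# only to exercise the check against a scratch directory; leave it unset on a
# real system.

# usable_bundle PATH: succeeds only for a readable regular file that holds at
# least one PEM certificate header; otherwise says why on stderr.
usable_bundle() {
    if [ ! -e "$1" ]; then echo "  $1: does not exist" >&2; return 1; fi
    if [ ! -f "$1" ]; then echo "  $1: not a regular file" >&2; return 1; fi
    if [ ! -r "$1" ]; then echo "  $1: not readable" >&2; return 1; fi
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo "  $1: no PEM certificate inside" >&2; return 1
    fi
    return 0
}

# find_trust_anchor: prints the bundle path that passes the checks, or fails.
# The body runs in a subshell so its variables do not leak into the caller.
find_trust_anchor() (
    # Assumption: SSL_CERT_FILE is consulted before NIX_SSL_CERT_FILE.
    override=${SSL_CERT_FILE:-${NIX_SSL_CERT_FILE:-}}
    if [ -n "$override" ]; then
        echo "checking environment override" >&2
        # Assumption: a set-but-unusable override is an error, not a fallback.
        usable_bundle "$override" || return 1
        printf '%s\n' "$override"
        return 0
    fi
    echo "checking default paths" >&2
    for p in /etc/ssl/certs/ca-certificates.crt \
             /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \
             /etc/ssl/ca-bundle.pem; do
        if usable_bundle "${TA_ROOT:-}$p"; then
            printf '%s\n' "${TA_ROOT:-}$p"
            return 0
        fi
    done
    return 1
)

anchor=$(find_trust_anchor) && echo "trust anchors: $anchor"
```

The per-path messages on stderr distinguish a missing path from a directory or an empty file left behind by an earlier configuration.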
