-
Notifications
You must be signed in to change notification settings - Fork 83
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disabling certificate validation #170
Comments
I don't think so, that is really the only defense we have against some really bad attack vectors at the moment. If we were to disable this, anyone between your machine and the server where the files are hosted could just inject whatever they wanted and send you that. I think what this error suggests is that your system doesn't rust the CA issuer that created the certificate for the domain from which we are fetching the data. Unclear to me why that would be the case, maybe @staticfloat has an idea? |
I see. I wonder what rustup does, then, because I was able to install it here without issues. |
Maybe their certificate was issued by a different authority that is actually whitelisted on your system? Also, note to self: I should check how the Rust crate we are using is actually handling this. I'm assuming it is just looking at some system store of whitelisted certificate authorities, but we could double check. |
Both of the certificates are valid; so either the root is not trusted by your system for some reason (does going there in a browser work for you?), or someone is indeed MITM'ing you. :P |
Yes, that works. |
Very possible that @darleybarreto is behind a MITM filewall. In which case whatever Anyway, welcome to hell. |
The best option is to use a native system TLS engine which is both more secure (does certificate revocation checks on Windows and macOS) and is more likely to have MITM firewall certs added to it by the IT department. If you can point me at where the code for doing the downloads that's failing is, I might be able to save you some pain since I've already been through a lot of this for Julia itself. |
We use the |
Is there any update on this? Or any workaround? I am running into this when trying to update to 1.7.3/1.8.0-rc1. |
Someone needs to try using rust-native-tls and hopefully that helps. |
I just merged a PR so that on Windows and Mac we now use the native tls facilities of the OS. |
I can confirm this works now, thank you :) |
Hi folks, I tried to install julia 1.6.4 on a Windows 10 machine with some security constraints and I got this error
$ juliaup add 1.6.4 Installing Julia 1.6.4+0 (x64). Error: Failed to download from url `https://julialang-s3.julialang.org/bin/winnt/x64/1.6/julia-1.6.4-win64.tar.gz` Caused by: 0: https://julialang-s3.julialang.org/bin/winnt/x64/1.6/julia-1.6.4-win64.tar.gz: Connection Failed: invalid peer certificate contents: invalid peer certificate: UnknownIssuer 1: invalid peer certificate contents: invalid peer certificate: UnknownIssuer
Would it be possible to disable certificate validation?
The text was updated successfully, but these errors were encountered: