You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ValueError: UNKNOWN: Error opening "n5" driver:
Error reading "jrc_hela-3/jrc_hela-3.n5/labels/er-mem_pred/s4/attributes.json":
CURL error[77] Problem with the SSL CA cert (path? access rights?): error setting certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
[source locations='tensorstore/internal/http/curl_transport.cc:456\ntensorstore/internal/cache/kvs_backed_cache.h:208\ntensorstore/driver/driver.cc:117']
[tensorstore_spec='{\"context\":{\"aws_credentials\":{\"filename\":\"\",\"metadata_endpoint\":\"\",\"profile\":\"\"},\"cache_pool\":{},\"data_copy_concurrency\":{},\"s3_request_concurrency\":{},\"s3_request_retries\":{}},\"driver\":\"n5\",\"kvstore\":{\"aws_region\":\"us-east-1\",\"bucket\":\"janelia-cosem-datasets\",\"driver\":\"s3\",\"path\":\"jrc_hela-3/jrc_hela-3.n5/labels/er-mem_pred/s4/\"}}']
He's on RedHat:
LSB Version: :core-4.1-amd64:core-4.1-noarch
Distributor ID: RedHatEnterprise
Description: Red Hat Enterprise Linux release 8.6 (Ootpa)
Release: 8.6
Codename: Ootpa
and we eventually found that, unlike the Debian standard of /etc/ssl/certs/ca-certificates.crt, the standard location for CA Certs is /etc/pki/ca-trust/extracted, so setting export TENSORSTORE_CA_BUNDLE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem fixed our issues. However, that does need to be done before tensorstore is imported, making it a bit harder for my package (which uses tensorstore) to guarantee that a redhat user won't run into this issue.
Would it be possible for tensorstore to perform a check for this file? (and also, please correct me if I'm wrong about the "standardness" of that location)
The text was updated successfully, but these errors were encountered:
Hello,
Recently helped a colleague debug an issue with SSL certs. Here was the code we were testing:
and he got:
He's on RedHat:
and we eventually found that, unlike the Debian standard of
/etc/ssl/certs/ca-certificates.crt
, the standard location for CA Certs is/etc/pki/ca-trust/extracted
, so settingexport TENSORSTORE_CA_BUNDLE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
fixed our issues. However, that does need to be done before tensorstore is imported, making it a bit harder for my package (which uses tensorstore) to guarantee that a redhat user won't run into this issue.Would it be possible for tensorstore to perform a check for this file? (and also, please correct me if I'm wrong about the "standardness" of that location)
The text was updated successfully, but these errors were encountered: