To be clear, this not an issue in the libraries nor R, the certificates on the server were simply wrong. So, no, this has nothing to do with R.
Cheers, Simon > On Jun 10, 2020, at 10:45 AM, Henrik Bengtsson <henrik.bengts...@gmail.com> > wrote: > > Was this resolved upstream or is this something that R should/could > fix? If the latter, could this also go into the "emergency release" R > 4.0.2 that is scheduled for 2020-06-22? > > My $.02 > > /Henrik > > > On Sun, May 31, 2020 at 8:13 AM Gábor Csárdi <csardi.ga...@gmail.com> wrote: >> >> Btw. it would be also possible to create a macOS R installer that >> embeds a static or dynamic libcurl with Secure Transport, instead of >> the Apple default LibreSSL. >> >> This might be too late for R 4.0.1, I don't know. >> >> Gabor >> >> On Sun, May 31, 2020 at 4:09 PM Gábor Csárdi <csardi.ga...@gmail.com> wrote: >>> >>> On Sat, May 30, 2020 at 11:32 PM Gábor Csárdi <csardi.ga...@gmail.com> >>> wrote: >>> [...] >>>> Btw. why does this affect openssl? That root cert was published in >>>> 2010, surely openssl should know about it? Maybe libcurl / openssl >>>> only uses the chain provided by the server? Without trying to use an >>>> alternate chain? >>> >>> Yes, indeed it seems that old OpenSSL versions cannot handle >>> alternative certificate chains. This has been fixed in OpenSSL in >>> 2015, so modern Linux systems should be fine. However, macOS uses >>> LibreSSL, and LibreSSL never fixed this issue. E.g. >>> https://github.com/libressl-portable/portable/issues/595 >>> >>> r-project.org can be updated to send the new root certificate, which >>> will solve most of our problems, but we'll probably have issues with >>> other web sites that'll update slower or never. >>> >>> FWIW I built macOS binaries for the curl package, using a static >>> libcurl and macOS Secure Transport, so these binaries does not have >>> this issue. >>> >>> They are at https://files.r-hub.io/curl-macos-static and they can be >>> installed with >>> install.packages("curl", repos = >>> "https://files.r-hub.io/curl-macos-static";, type = "binary") >>> >>> They support R 3.2 and up, including R 4.1, and should work on all >>> macOS versions that the given R release supports. >>> >>> Gabor >> >> ______________________________________________ >> R-devel@r-project.org mailing list >> https://stat.ethz.ch/mailman/listinfo/r-devel > > ______________________________________________ > R-devel@r-project.org mailing list > https://stat.ethz.ch/mailman/listinfo/r-devel > ______________________________________________ R-devel@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-devel
