<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Makes sense. Hopefully upstream arcanist gets this sorted in the next day or two and some official patch or git pull from main will sort it out. I prefer not to go fiddling with ssh configs if possible. In the meantime, I have other fires
to put out. <span style="font-family:"Segoe UI Emoji",sans-serif">😊</span> Thanks for doing the legwork and reporting your findings!<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
<p class="MsoNormal"> Chris Tetreault<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Rafael Auler <rafaelauler@fb.com> <br>
<b>Sent:</b> Thursday, September 30, 2021 12:03 PM<br>
<b>To:</b> Shoaib Meenai <smeenai@fb.com>; Chris Tetreault <ctetreau@quicinc.com>; Mehdi AMINI <joker.eph@gmail.com><br>
<b>Cc:</b> llvm-dev@lists.llvm.org<br>
<b>Subject:</b> Re: [llvm-dev] Unable to access Phabricator via arcanist<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p align="center" style="text-align:center"><strong><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:black;background:yellow">WARNING:</span></strong><span style="font-size:10.5pt;font-family:"Arial",sans-serif;color:black;background:yellow">
This email originated from outside of Qualcomm. Please be wary of any links or attachments, and do not enable macros.</span><o:p></o:p></p>
<div>
<p class="MsoNormal">It looks like somebody also already opened a PR in phacility/arcanist regarding this issue:<br>
<a href="https://github.com/phacility/arcanist/pull/259/commits/e3659d43d8911e91739f3b0c5935598bceb859aa">https://github.com/phacility/arcanist/pull/259/commits/e3659d43d8911e91739f3b0c5935598bceb859aa</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:12.0pt;color:black">From:
</span></b><span style="font-size:12.0pt;color:black">llvm-dev <<a href="mailto:llvm-dev-bounces@lists.llvm.org">llvm-dev-bounces@lists.llvm.org</a>> on behalf of Shoaib Meenai via llvm-dev <<a href="mailto:llvm-dev@lists.llvm.org">llvm-dev@lists.llvm.org</a>><br>
<b>Date: </b>Thursday, September 30, 2021 at 11:29 AM<br>
<b>To: </b>Chris Tetreault <<a href="mailto:ctetreau@quicinc.com">ctetreau@quicinc.com</a>>, Mehdi AMINI <<a href="mailto:joker.eph@gmail.com">joker.eph@gmail.com</a>><br>
<b>Cc: </b><a href="mailto:llvm-dev@lists.llvm.org">llvm-dev@lists.llvm.org</a> <<a href="mailto:llvm-dev@lists.llvm.org">llvm-dev@lists.llvm.org</a>><br>
<b>Subject: </b>Re: [llvm-dev] Unable to access Phabricator via arcanist<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal">A coworker was running into similar issues internally, and it appeared to be related to
<a href="https://docs.certifytheweb.com/docs/kb/kb-202109-letsencrypt/">https://docs.certifytheweb.com/docs/kb/kb-202109-letsencrypt/</a> . He had to update custom.pem inside arcanist/resources/ssl (he copied it over from an internal certificate bundle) ...
the README in that directory has more information.<br>
<br>
On 9/30/21, 10:25 AM, "llvm-dev on behalf of Chris Tetreault via llvm-dev" <<a href="mailto:llvm-dev-bounces@lists.llvm.org%20on%20behalf%20of%20llvm-dev@lists.llvm.org">llvm-dev-bounces@lists.llvm.org on behalf of llvm-dev@lists.llvm.org</a>> wrote:<br>
<br>
On both machines, I can go directly to the page. On the windows machine, curl retrieves the page. On the linux machine, I get a similar error:<br>
<br>
```<br>
curl <a href="https://reviews.llvm.org">https://reviews.llvm.org</a> <br>
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none<br>
More details here: <a href="http://curl.haxx.se/docs/sslcerts.html">http://curl.haxx.se/docs/sslcerts.html</a>
<br>
<br>
curl performs SSL certificate verification by default, using a "bundle"<br>
of Certificate Authority (CA) public keys (CA certs). If the default<br>
bundle file isn't adequate, you can specify an alternate file<br>
using the --cacert option.<br>
If this HTTPS server uses a certificate signed by a CA represented in<br>
the bundle, the certificate verification probably failed due to a<br>
problem with the certificate (it might be expired, or the name might<br>
not match the domain name in the URL).<br>
If you'd like to turn off curl's verification of the certificate, use<br>
the -k (or --insecure) option.<br>
```<br>
<br>
If the problem is purely on my end, I suppose I can take it from here. Thanks for the help!<br>
<br>
Thanks,<br>
Chris Tetreault<br>
<br>
-----Original Message-----<br>
From: Mehdi AMINI <<a href="mailto:joker.eph@gmail.com">joker.eph@gmail.com</a>>
<br>
Sent: Thursday, September 30, 2021 10:06 AM<br>
To: Chris Tetreault <<a href="mailto:ctetreau@quicinc.com">ctetreau@quicinc.com</a>><br>
Cc: <a href="mailto:llvm-dev@lists.llvm.org">llvm-dev@lists.llvm.org</a><br>
Subject: Re: [llvm-dev] Unable to access Phabricator via arcanist<br>
<br>
WARNING: This email originated from outside of Qualcomm. Please be wary of any links or attachments, and do not enable macros.<br>
<br>
On this machine, does it work when you use a browser?<br>
<br>
What about curl on the command line?<br>
Try: curl <a href="https://reviews.llvm.org/">https://reviews.llvm.org/</a> <br>
<br>
If curl reproduces the issue, there are many tracing/debug options for curl.<br>
<br>
Also I don't know if you tried the --trace option that arc suggests and if it gave more info?<br>
<br>
--<br>
Mehdi<br>
<br>
<br>
On Thu, Sep 30, 2021 at 9:40 AM Chris Tetreault via llvm-dev <<a href="mailto:llvm-dev@lists.llvm.org">llvm-dev@lists.llvm.org</a>> wrote:<br>
><br>
> I’m having issues using arcanist to access Phabricator this morning. I tried commands from two different machines that worked yesterday, and I’m getting certificate issues:<br>
><br>
><br>
><br>
> (from a windows machine, worked yesterday)<br>
><br>
> $ arc diff<br>
><br>
> Exception<br>
><br>
> [cURL/60] (<a href="https://reviews.llvm.org/api/user.whoami">https://reviews.llvm.org/api/user.whoami</a> ) <CURLE_SSL_CACERT> There was an error verifying the SSL connection. This usually indicates that the remote host has an SSL certificate for a different
domain name than you are connecting with. Make sure the certificate you have installed is signed for the correct domain.<br>
><br>
> (Run with `--trace` for a full exception trace.)<br>
><br>
><br>
><br>
> (from a linux machine, worked recently)<br>
><br>
> $ arc patch D110747<br>
><br>
> Exception<br>
><br>
> [cURL/60] (<a href="https://reviews.llvm.org/api/differential.querydiffs">https://reviews.llvm.org/api/differential.querydiffs</a> ) <CURLE_SSL_CACERT> There was an error verifying the SSL Certificate Authority while negotiating the SSL connection. This
usually indicates that you are using a self-signed certificate but have not added your CA to the CA bundle. See instructions in "libphutil/resources/ssl/README".<br>
><br>
> (Run with `--trace` for a full exception trace.)<br>
><br>
><br>
><br>
> Is anybody else seeing this? If it’s an issue on my side, has anybody else seen this issue before and knows what I need to do to fix it?<br>
><br>
><br>
><br>
> Thanks,<br>
><br>
> Chris Tetreault<br>
><br>
> _______________________________________________<br>
> LLVM Developers mailing list<br>
> <a href="mailto:llvm-dev@lists.llvm.org">llvm-dev@lists.llvm.org</a><br>
> <a href="https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev">https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev</a>
<br>
_______________________________________________<br>
LLVM Developers mailing list<br>
<a href="mailto:llvm-dev@lists.llvm.org">llvm-dev@lists.llvm.org</a><br>
<a href="https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev">https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev</a>
<br>
<br>
_______________________________________________<br>
LLVM Developers mailing list<br>
<a href="mailto:llvm-dev@lists.llvm.org">llvm-dev@lists.llvm.org</a><br>
<a href="https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev">https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev</a>
<o:p></o:p></p>
</div>
</div>
</div>
</body>
</html>