Skip to content

On archlinux (up-to-date), rustup is failing due to some missing certificates (whereas it should work) #4325

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
2 tasks done
SR-G opened this issue May 8, 2025 · 6 comments
Open
2 tasks done

On archlinux (up-to-date), rustup is failing due to some missing certificates (whereas it should work) #4325

SR-G opened this issue May 8, 2025 · 6 comments
Labels
bug

Comments

@SR-G
Copy link

SR-G commented May 8, 2025

Verification

Problem

Main issue is :

invalid peer certificate: UnknownIssuer

SYSTEM : archlinux system (rolling release), with "ca-certificates" installed + now "ca-certificates-mozilla"

The downloaded path IS working with a wget (launched from the same command line)

wget "https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256"
--2025-05-08 11:56:08--  https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving static.rust-lang.org (static.rust-lang.org)... 151.101.130.137, 151.101.2.137, 151.101.194.137, ...
Connecting to static.rust-lang.org (static.rust-lang.org)|151.101.130.137|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 91 [binary/octet-stream]
Saving to: ‘channel-rust-stable.toml.sha256’

channel-rust-stable.toml.sha256                             100%[========================================================================================================================================>]      91  --.-KB/s    in 0s      

2025-05-08 11:56:08 (25.1 MB/s) - ‘channel-rust-stable.toml.sha256’ saved [91/91]

Steps

When launching : RUSTUP_LOG=trace rustup -v default stable 

2025-05-08T10:22:11.479526Z DEBUG run_rustup:run_rustup_inner:main:set_globals: rustup::cli::common: read metadata version: '12' current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" current_dir="/home/users/sergio" quiet=false
2025-05-08T10:22:11.480888Z DEBUG run_rustup:run_rustup_inner:main:ensure_installed: rustup::cli::common: looking for installed toolchain 'stable-x86_64-unknown-linux-gnu' current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]"
2025-05-08T10:22:11.480927Z  INFO run_rustup:run_rustup_inner:main:ensure_installed: rustup::cli::common: using existing install for 'stable-x86_64-unknown-linux-gnu' current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]"
2025-05-08T10:22:11.480990Z DEBUG run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install: rustup::cli::common: installing toolchain 'stable-x86_64-unknown-linux-gnu' current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]"
2025-05-08T10:22:11.481000Z DEBUG run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install: rustup::cli::common: toolchain directory: '/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu' current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]"
2025-05-08T10:22:11.481033Z  INFO run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustup::cli::common: syncing channel updates for 'stable-x86_64-unknown-linux-gnu' current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.481093Z DEBUG run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustup::cli::common: creating temp file: /home/users/sergio/.rustup/tmp/c8ywxcvyni_dzsv3_file current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.481145Z DEBUG run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustup::cli::common: downloading file from: 'https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256' current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.481155Z DEBUG run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustup::cli::common: downloading with reqwest current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.481270Z DEBUG run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: reqwest::connect: starting new connection: https://static.rust-lang.org/     current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.481320Z TRACE run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: hyper_util::client::legacy::connect::http: Http::connect; scheme=Some("https"), host=Some("static.rust-lang.org"), port=None current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.511525Z DEBUG run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: hyper_util::client::legacy::connect::http: connecting to 151.101.2.137:443 current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.526432Z DEBUG run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: hyper_util::client::legacy::connect::http: connected to 151.101.2.137:443 current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.526523Z DEBUG run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustls::client::hs: No cached session for DnsName("static.rust-lang.org")     current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.526753Z DEBUG run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustls::client::hs: Not resuming any session     current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.526832Z TRACE run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustls::client::hs: Sending ClientHello Message {
    version: TLSv1_0,
    payload: Handshake {
        parsed: HandshakeMessagePayload {
            typ: ClientHello,
            payload: ClientHello(
                ClientHelloPayload {
                    client_version: TLSv1_2,
                    random: b7127e2663c17af587e8396cc55ac08411b6b97a308e0687ca6310d1c6c7c38c,
                    session_id: 8864b1272b8135bf397a55702aa209ec113d577a1b4736f8ba44505e209aca6a,
                    cipher_suites: [
                        TLS13_AES_256_GCM_SHA384,
                        TLS13_AES_128_GCM_SHA256,
                        TLS13_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                        TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
                    ],
                    compression_methods: [
                        Null,
                    ],
                    extensions: [
                        ExtendedMasterSecretRequest,
                        SessionTicket(
                            Request,
                        ),
                        Protocols(
                            [
                                ProtocolName(
                                    6832,
                                ),
                                ProtocolName(
                                    687474702f312e31,
                                ),
                            ],
                        ),
                        SignatureAlgorithms(
                            [
                                ECDSA_NISTP384_SHA384,
                                ECDSA_NISTP256_SHA256,
                                ECDSA_NISTP521_SHA512,
                                ED25519,
                                RSA_PSS_SHA512,
                                RSA_PSS_SHA384,
                                RSA_PSS_SHA256,
                                RSA_PKCS1_SHA512,
                                RSA_PKCS1_SHA384,
                                RSA_PKCS1_SHA256,
                            ],
                        ),
                        ServerName(
                            [
                                ServerName {
                                    typ: HostName,
                                    payload: HostName(
                                        DnsName(
                                            "static.rust-lang.org",
                                        ),
                                    ),
                                },
                            ],
                        ),
                        CertificateStatusRequest(
                            Ocsp(
                                OcspCertificateStatusRequest {
                                    responder_ids: [],
                                    extensions: ,
                                },
                            ),
                        ),
                        KeyShare(
                            [
                                KeyShareEntry {
                                    group: X25519,
                                    payload: 2c7e6e637acb0d4d4d28302c904adfef582a54f64d2eabbce64f0b53047ad33c,
                                },
                            ],
                        ),
                        NamedGroups(
                            [
                                X25519,
                                secp256r1,
                                secp384r1,
                                X25519MLKEM768,
                            ],
                        ),
                        SupportedVersions(
                            [
                                TLSv1_3,
                                TLSv1_2,
                            ],
                        ),
                        EcPointFormats(
                            [
                                Uncompressed,
                            ],
                        ),
                        PresharedKeyModes(
                            [
                                PSK_DHE_KE,
                            ],
                        ),
                    ],
                },
            ),
        },
        encoded: 010001040303b7127e2663c17af587e8396cc55ac08411b6b97a308e0687ca6310d1c6c7c38c208864b1272b8135bf397a55702aa209ec113d577a1b4736f8ba44505e209aca6a0014130213011303c02cc02bcca9c030c02fcca800ff010000a700170000002300000010000e000c02683208687474702f312e31000d0016001405030403060308070806080508040601050104010000001900170000147374617469632e727573742d6c616e672e6f7267000500050100000000003300260024001d00202c7e6e637acb0d4d4d28302c904adfef582a54f64d2eabbce64f0b53047ad33c000a000a0008001d0017001811ec002b00050403040303000b00020100002d00020101,
    },
}     current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.548679Z TRACE run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustls::client::hs: We got ServerHello ServerHelloPayload {
    extensions: [
        SupportedVersions(
            TLSv1_3,
        ),
        KeyShare(
            KeyShareEntry {
                group: X25519,
                payload: 7080fe6bde428c23a0306f3cbe3fa7310ff8a32154aa502e0198a297dcca4846,
            },
        ),
    ],
    legacy_version: TLSv1_2,
    random: 0a69ca8747c53ff424f3b2ae5c0c75e18cf6219e11841ca23808a399598c5e6a,
    session_id: 8864b1272b8135bf397a55702aa209ec113d577a1b4736f8ba44505e209aca6a,
    cipher_suite: TLS13_AES_128_GCM_SHA256,
    compression_method: Null,
}     current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.548752Z DEBUG run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustls::client::hs: Using ciphersuite TLS13_AES_128_GCM_SHA256     current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.548796Z DEBUG run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustls::client::tls13: Not resuming     current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.548810Z TRACE run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustls::client::client_conn: EarlyData rejected     current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.548983Z TRACE run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustls::conn: Dropping CCS     current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.549031Z DEBUG run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustls::client::tls13: TLS1.3 encrypted extensions: [ServerNameAck, Protocols([ProtocolName(6832)])]     current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.549051Z DEBUG run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustls::client::hs: ALPN protocol is Some(b"h2")     current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.549143Z TRACE run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustls::client::tls13: Server cert is CertificateChain([CertificateDer(0x3082068f30820577a003020102021001d143c50cf53f77003d46ee64b1d626300d06092a864886f70d01010b05003058310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d7361312e302c06035504031325476c6f62616c5369676e2041746c617320523320445620544c532043412032303234205134301e170d3234313230383039353131325a170d3236303130393039353131315a30263124302206035504030c1b666173746c792d7374617469632e727573742d6c616e672e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100d8eff495945c0c049b9a97827ef0e5d8b74f8b4e3fb6ad846c4780f3d443f110c5dac1fc8188cf62f9ba358092765f1edcca54f2092e6d5a6395fe8ed4c2d3723f9cd97ebeac3a0f582cfeb409a08c1f4a98721f73e5183ef9d782793fac84a2cfaab6bdfe6745b23ad72caa71e128d2852a603da5dc016e94f63dac14c2df34565ef8a17dc2a1dd5f03d412145ae7bfae019e9fb3a6e93958ea4daecb9aae2617e2ecc0950b28d9a90e664a2c4c183ab9ac5ce8cfb0a4022fb58c331a2b968f4273fce104d178bc20c117b6101dfed4d6c99b50732b91109171e889be4ded49b8f5aff85a77179dcec3b78c050189444a64ce3e184a063a8bbe4536649dc3410203010001a382038530820381303c0603551d1104353033821b666173746c792d7374617469632e727573742d6c616e672e6f726782147374617469632e727573742d6c616e672e6f7267300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e04160414a046ea9cf50b83d0f6c4a1d2124acd25a85d053b30570603551d200450304e3008060667810c0102013042060a2b06010401a0320a01033034303206082b06010505070201162668747470733a2f2f7777772e676c6f62616c7369676e2e636f6d2f7265706f7369746f72792f300c0603551d130101ff0402300030819e06082b0601050507010104819130818e304006082b060105050730018634687474703a2f2f6f6373702e676c6f62616c7369676e2e636f6d2f63612f677361746c617372336476746c736361323032347134304a06082b06010505073002863e687474703a2f2f7365637572652e676c6f62616c7369676e2e636f6d2f6361636572742f677361746c617372336476746c7363613230323471342e637274301f0603551d230418301680146091ec1c02f20efe634f65cb62b0022a0358e9b330480603551d1f0441303f303da03ba0398637687474703a2f2f63726c2e676c6f62616c7369676e2e636f6d2f63612f677361746c617372336476746c7363613230323471342e63726c3082017e060a2b06010401d6790204020482016e0482016a01680076001986d4c728aa6ffeba036f782a4d0191aace2d72310faece5d70412d254cc7d400000193a5ae21950000040300473045022073268330d67befc56c35483bccdc00b2be46c8a1e29280387f868add0a452827022100a22e0c0280859b2fe31fb607471ae31cbeb8db3c896e56daa2fd3e43bf25f8850076000e5794bcf3aea93e331b2c9907b3f790df9bc23d713225dd21a925ac61c54e2100000193a5ae2183000004030047304502200255d25493fabeaf43a841d09b1a5fcf9d812b8ad70e53a49646a5e0ea436fae022100d44e18bfdc08580e830529ad1f259364e8bd81d003015301746cc6eb17decbfa007600cb38f715897c84a1445f5bc1ddfbc96ef29a59cd470a690585b0cb14c31458e700000193a5ae223a0000040300473045022013faabb49fc0aec0f8faebeecb625819a93490a1c2c2a806b9a77d290ab2bbc1022100ba89f1367d4a643c0f68d1215521d8e76ac307f1fbdbd9836a18f43648da1377300d06092a864886f70d01010b0500038201010025e5ff061e349c7c4b515dae68e170aac746154a5ebdb4788c8738229dafc4fd605812e3c695ce64ce755082f347c9e1aa32bbe88a2b540ab72c165ad021fc57b70d49709209d69d10472a709face4d00c6a9b72453c055fae5a0c81e34c8b9edb882ca595ab4334472ab233606223c24fad49bca762af7a46f27a3ac0a8d04fdb6b878be51a94e7107263c953c8fa2108e1ac98750cd36f15e370ab41a816b350c118c0203243e3906e94b6d348cec9b010ba037fcbea11536b1d06218ec5d4b1e07b6c33093260edef49755afabc67324b741cce6d12aa824b0b8d5a055eb25f6a2b28ab1dbb7f6e048a850ed7cc8b3933be7ae5f095e6b32b02ef6882b63e), CertificateDer(0x3082049030820378a003020102021100817cd51426f2ddf6ff588022c88554f6300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3234303731373033303934305a170d3236303731373030303030305a3058310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d7361312e302c06035504031325476c6f62616c5369676e2041746c617320523320445620544c53204341203230323420513430820122300d06092a864886f70d01010105000382010f003082010a0282010100e09126c46259dbe4fff2647f0c6ac5dc818e9051c9ff619efaa92b4b065d8abfd6510bc641d815cdec23ce2ca2dc55b983d365e7fe2882d77139afb3648d3afa687c30e0586d879897135207f517b64472c00ecd25703cd654a6ab0d2f811bc5b6c7e819ecd919559c0e42ca0b1f8c36c24409771d180770f47ea09d896e0a98e924d3fbb2a06e7f19b10d271b7896c4b2b077f09b004fef130f738971c2ecf9132ccd40c485d1472486a1407e110e157f5b38db3adcea74edc8d9dc20514398b80c2c139d2174101f58b5eebde199e52b55b36a3f344e16ca27f946abe357bf756c491c697ffcb28e9ae1bb1fc6ced2c8fa757de70f978c213b5cd755a4ba430203010001a382015f3082015b300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b0601050507030230120603551d130101ff040830060101ff020100301d0603551d0e041604146091ec1c02f20efe634f65cb62b0022a0358e9b3301f0603551d230418301680148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc307b06082b06010505070101046f306d302e06082b060105050730018622687474703a2f2f6f637370322e676c6f62616c7369676e2e636f6d2f726f6f747233303b06082b06010505073002862f687474703a2f2f7365637572652e676c6f62616c7369676e2e636f6d2f6361636572742f726f6f742d72332e63727430360603551d1f042f302d302ba029a0278625687474703a2f2f63726c2e676c6f62616c7369676e2e636f6d2f726f6f742d72332e63726c30210603551d20041a30183008060667810c010201300c060a2b06010401a0320a0103300d06092a864886f70d01010b050003820101003dca13a1ecd766a15447c8ba0043c1b400d4ef4b7ff64e62e866288fe8e7018413844b49ee26105211a45f9b9a10a2a416aeee50cf80c2cc25bd9dc091141d58be9d4937eb2ec1f4b727338099af471869ae0fb13919b6900d7e42daff7e548ad93da7e9e672be8a3f4bfb094e3226edb319ac0ad5331f784926cb1c4f57d74408833b862bb9beb215268d471794cdc0e0caa559cf21401530691d2bc07831d6ddd4556392142533011449c976680b2fea38b52be8f93303ef4d4fda23924ea081f23179eae53c000a5026671cd9d981d8d9f47fa0bff9f50cbc53e45a06a80adbf55ff7723014cc8f3fcdfabf612a2440f9c9a23051be392a33fb7acd42f34f)])     current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.549556Z DEBUG run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustls::webpki::anchors: add_parsable_certificates processed 1 valid and 0 invalid certs     current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.549575Z DEBUG run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustls_platform_verifier::verification::others: Loaded 1 CA certificates from the system     current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.549611Z ERROR run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustls_platform_verifier::verification::others: failed to verify TLS certificate: invalid peer certificate: UnknownIssuer     current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.549712Z ERROR run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustup::download::reqwest_be: failed to download file error=Reqwest(reqwest::Error { kind: Request, url: "https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256", source: hyper_util::client::legacy::Error(Connect, Custom { kind: Other, error: Custom { kind: InvalidData, error: InvalidCertificate(UnknownIssuer) } }) }) current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.549809Z TRACE run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install:update_from_dist: rustup::dist: error=could not download file from 'https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256' to '/home/users/sergio/.rustup/tmp/c8ywxcvyni_dzsv3_file' current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]" profile="Default" prefix="/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu"
2025-05-08T10:22:11.549835Z TRACE run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra:install: rustup::install: error=could not download file from 'https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256' to '/home/users/sergio/.rustup/tmp/c8ywxcvyni_dzsv3_file' current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]"
2025-05-08T10:22:11.549856Z TRACE run_rustup:run_rustup_inner:main:ensure_installed:update:update_extra: rustup::toolchain::distributable: error=could not download file from 'https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256' to '/home/users/sergio/.rustup/tmp/c8ywxcvyni_dzsv3_file' current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]"
2025-05-08T10:22:11.549876Z TRACE run_rustup:run_rustup_inner:main:ensure_installed:update: rustup::toolchain::distributable: error=could not download file from 'https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256' to '/home/users/sergio/.rustup/tmp/c8ywxcvyni_dzsv3_file' current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]"
2025-05-08T10:22:11.549896Z TRACE run_rustup:run_rustup_inner:main:ensure_installed: rustup::config: error=could not download file from 'https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256' to '/home/users/sergio/.rustup/tmp/c8ywxcvyni_dzsv3_file' current_dir="/home/users/sergio" args="[\"rustup\", \"-v\", \"default\", \"stable\"]"
2025-05-08T10:22:11.549922Z TRACE run_rustup:run_rustup_inner: rustup_init: error=could not download file from 'https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256' to '/home/users/sergio/.rustup/tmp/c8ywxcvyni_dzsv3_file'
2025-05-08T10:22:11.549944Z ERROR rustup::cli::common: could not download file from 'https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256' to '/home/users/sergio/.rustup/tmp/c8ywxcvyni_dzsv3_file'

Caused by:
    0: error downloading file
    1: error sending request for url (https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256)
    2: client error (Connect)
    3: invalid peer certificate: UnknownIssuer

Possible Solution(s)

No response

Notes

Follow-up of #2924

Rustup version

RUSTUP version : 


rustup --version
rustup 1.28.2 (2025-05-05)
info: This is the version for the rustup toolchain manager, not the rustc compiler.
info: No `rustc` is currently active

whereis rustup
rustup: /usr/bin/rustup /usr/lib/rustup

Installed toolchains

rustup show
Default host: x86_64-unknown-linux-gnu
rustup home:  /home/users/sergio/.rustup

installed toolchains
--------------------
stable-x86_64-unknown-linux-gnu

active toolchain
----------------

OS version

ARCHLINUX
Linux moon 6.6.10-arch1-1 #1 SMP PREEMPT_DYNAMIC Fri, 05 Jan 2024 16:20:41 +0000 x86_64 GNU/Linux
@SR-G SR-G added the bug label May 8, 2025
@SR-G SR-G mentioned this issue May 8, 2025
Closed
@djc
Copy link
Contributor

djc commented May 9, 2025

So rustls_platform_verifier::verification::others: Loaded 1 CA certificates from the system suggests that only one certificate was picked up from your platform root store. It might be useful to run some example code like https://docs.rs/openssl-probe/latest/openssl_probe/fn.probe.html#scraped-examples in your environment to figure out what it's trying to do.

@SR-G
Copy link
Author

SR-G commented May 9, 2025 

cargo run
    Updating crates.io index
     Locking 1 package to latest Rust 1.86.0 compatible version
      Adding openssl-probe v0.1.6
  Downloaded openssl-probe v0.1.6
  Downloaded 1 crate (8.1 KB) in 0.20s
   Compiling openssl-probe v0.1.6
   Compiling test-certificates v0.1.0 (/home/users/sergio/test-certificates)
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.75s
     Running `target/debug/test-certificates`
cert_dir: Some("/etc/pki/tls/certs")
cert_file: Some("/etc/pki/tls/certs/ca-bundle.crt")

~/test-certificates% ll /etc/pki/tls/certs/*
-rw-r--r-- 1 root root 2.3K 2023-03-13 22:25 /etc/pki/tls/certs/ca-bundle.crt
-rw-r--r-- 1 root root 2.4K 2023-03-13 22:25 /etc/pki/tls/certs/client.crt
-rw-r--r-- 1 root root 3.2K 2023-03-13 22:25 /etc/pki/tls/certs/client.key

@SR-G
Copy link
Author

SR-G commented May 9, 2025

So indeed

cd /etc/pki/tls
mv certs certs_old
ln -s /etc/ssl/certs .

Did the trick

debug: read metadata version: '12'
debug: looking for installed toolchain 'stable-x86_64-unknown-linux-gnu'
info: using existing install for 'stable-x86_64-unknown-linux-gnu'
debug: installing toolchain 'stable-x86_64-unknown-linux-gnu'
debug: toolchain directory: '/home/users/sergio/.rustup/toolchains/stable-x86_64-unknown-linux-gnu'
info: syncing channel updates for 'stable-x86_64-unknown-linux-gnu'
debug: creating temp file: /home/users/sergio/.rustup/tmp/7se069wx7dppkapm_file
debug: downloading file from: 'https://static.rust-lang.org/dist/channel-rust-stable.toml.sha256'
debug: downloading with reqwest
debug: deleted temp file: /home/users/sergio/.rustup/tmp/7se069wx7dppkapm_file
debug: no update hash at: '/home/users/sergio/.rustup/update-hashes/stable-x86_64-unknown-linux-gnu'
debug: creating temp file: /home/users/sergio/.rustup/tmp/kbun8j14mi7bdcy4_file.toml
debug: downloading file from: 'https://static.rust-lang.org/dist/channel-rust-stable.toml'
debug: downloading with reqwest
debug: checksum passed
debug: deleted temp file: /home/users/sergio/.rustup/tmp/kbun8j14mi7bdcy4_file.toml
info: latest update on 2025-04-03, rust version 1.86.0 (05f9846f8 2025-03-31)
debug: toolchain is already up to date
info: default toolchain set to 'stable-x86_64-unknown-linux-gnu'

  stable-x86_64-unknown-linux-gnu unchanged - (error reading rustc version)

So in the end :

  • i have no idea from where that (outdated) /etc/pki/tls/certs is coming
  • i have no idea why other tools (CURL, WGET, ...) are picking up /etc/ssl/certs/ while rust seems to only be trying that /etc/pki/tls/certs/ folder
  • because of the two previous bullet points, when happening, it seems rather difficult to troubleshoot for a random user (just saying, maybe something could be improved there)

@SR-G
Copy link
Author

SR-G commented May 9, 2025

(however now i have a error: Missing manifest in toolchain 'stable-x86_64-unknown-linux-gnu', which seems a fully different error, maybe related to that "unknown" label ?)

@djc
Copy link
Contributor

djc commented May 9, 2025

Did you have SSL_CERT_DIR or SSL_CERT_FILE set in your environment? What about CURL_CA_BUNDLE?

@SR-G
Copy link
Author

SR-G commented May 9, 2025
edited
Loading 

cat << EOF 
EDITOR          = [$EDITOR]
SSL_CERT_DIR    = [$SSL_CERT_DIR]
SSL_CERT_FILE   = [$SSL_CERT_FILE]
CURL_CA_BUNDLE  = [$CURL_CA_BUNDLE]
EOF

EDITOR 		= [vim]
SSL_CERT_DIR 	= []
SSL_CERT_FILE 	= []
CURL_CA_BUNDLE 	= []

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@djc @SR-G