httr/curl error Caused by error in `curl::curl_fetch_memory()`: ! error:0A000152:SSL routines::unsafe legacy renegotiation disabled

mccroweyclinton-EPA · June 21, 2023, 8:06pm

I am getting the following error when I run unit tests on my package RAQSAPI

[Caused by error in `curl::curl_fetch_memory()`: ! error:0A000152:SSL routines::unsafe legacy renegotiation disabled

My understanding is that this issue is caused by servers that do not support RFC 5746. My organization is unable to add support for this feature on their servers. Is it possible to make httr bypass this restriction. I have read that this restriction can be bypassed by editing openssl config files but I am making a R package. My R package does not and have access to those config files and should not have access to openssl config files. Is there another work around for this since the data being retrieved isn't sensitive, I don't think that my package needs to be overly concerned with security related to SSL issues.

Gabor · June 26, 2023, 7:02am

See httr::httr_options("ssl") for the list of SSL-related options that you can set with httr::config().

E.g. you could probably set either ssl_verifyhost and/or ssl_verifypeer to FALSE, although that turns off SSL completely as I understand.

maelle · June 26, 2023, 6:49am

I had a similar (albeit not the same, ours was Error in curl::curl_fetch_memory(url): error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type) problem with a package wrapping an API. I contacted the API maintainers, who fixed the problem. In the meantime I had set an option as suggested by @Gabor (Use httr config for Linux & geology web services by maelle · Pull Request #78 · EMODnet/EMODnetWFS · GitHub)

mccroweyclinton-EPA · July 25, 2023, 5:45pm

Thank you @Gabor and @maelle , how would you suggest that I implement this so that my package does not affect the user's R environment permanently? I definitely don't want my packages changing the R environment for the user, I just want to set this so that it only affects my package. I also don't want to set this permanently.

Edit: to clarify, I could use witr functions but that would possibly affect the rest of the user's R environment.

Gabor · July 25, 2023, 6:09pm

Yes, setting it like Maelle's example only affects your package:

(The link is a bit weird, look at line 26 in client.R. Then pass this config to your httr functions.)

mccroweyclinton-EPA · July 25, 2023, 6:31pm

I am not sure if I understand what is going on in that link. This is what I see.

I have no idea what this code is supposed to do.

mccroweyclinton-EPA · July 25, 2023, 6:36pm

ok, I think I see it. I should just run this

httr::config(ssl_cipher_list = 'DEFAULT@SECLEVEL=1')

and that will not disturb the rest of the user's environment?

Also I am in the process of transitioning to httr2, does httr2 have an equivalent function?

Gabor · July 25, 2023, 8:36pm

You don't just run it, but you need to stick that into the httr functions:

httr::GET(
  "https://example.com", 
  httr::config(ssl_cipher_list = 'DEFAULT@SECLEVEL=1')
)

This actually fails for me on my libcurl, but this is how it goes. See the libcurl documentation for the options that you can set, hopefully one of them helps you.

mccroweyclinton-EPA · July 26, 2023, 2:50pm

Thanks @Gabor, for httr2 would I use req_options()?

mccroweyclinton-EPA · July 26, 2023, 5:38pm

I just tried to added that and still I am getting this error message. Here is a snippit from running my unit tests via github actions.

Blockquote [ FAIL 8 | WARN 0 | SKIP 0 | PASS 23 ]

══ Failed tests ════════════════════════════════════════════════════════════════
── Error ('test-bybox.R:21:3'): bybox functions ────────────────────────────────
Error in curl::curl_fetch_memory(url, handle = handle): error:0A000152:SSL routines::unsafe legacy renegotiation disabled
Backtrace:
▆

├─... %>% ... at test-bybox.R:21:2
├─testthat::expect_match(...)
│ └─testthat::quasi_label(enquo(object), label, arg = "object")
│ └─rlang::eval_bare(expr, quo_get_env(quo))
└─RAQSAPI::aqs_isavailable(return_header = TRUE)
└─RAQSAPI:::aqs(...)

└─httr::GET(url, user_agent, httr::config(ssl_cipher_list = "DEFAULT@SECLEVEL=1"))

  └─httr:::request_perform(req, hu$handle$handle)

    ├─httr:::request_fetch(req$output, req$url, handle)

    └─httr:::request_fetch.write_memory(req$output, req$url, handle)

      └─curl::curl_fetch_memory(url, handle = handle)

The issue is when running that same code on my local computer I don't get any error message, everything works fine so I have no idea how to debug this problem.

link to the github repo if needed

system · August 5, 2023, 8:07pm

This topic was automatically closed after 45 days. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.