[SOLVED] Premake: SSL peer certificate or SSH remote key was not OK

I’m working on porting CppSharp to Haiku which heavily relies on Premake to configure the build artifacts.
In Utils.lua the download() functions always fails with:

Downloading: https://github.com/llvm/llvm-project/archive/6eb36aed86ea276695697093eb8136554c29286b.tar.gz
Error: ...t/home/workspace/dotnet/CppSharp/build/scripts/Utils.lua:110: SSL peer certificate or SSH remote key was not OK
Cert verify failed: BADCERT_NOT_TRUSTED

Digging a bit in the Premake docs and on StackOverflow for similar errors, I ‘ve found that Premakes’ Lua engine relies on cURL which, in turn, doesn’t like the CA root certificates in Haiku. Before you ask, I have not tried on another installation but if I launch cURL from the Terminal it does not work as it gets a 0 byte stream although I don’t get a BADCERT_NOT_TRUSTED error

curl -v -O https://github.com/llvm/llvm-project/archive/6eb36aed86ea276695697093eb8136554c29286b.tar.gz

Wget instead works ok

wget https://github.com/llvm/llvm-project/archive/6eb36aed86ea276695697093eb8136554c29286b.tar.gz

So I made some changes to the lua script:

function download(url, file, try)
  print("Downloading: " .. url)
  local prev = 0

  function progress(total, curr)
    http.progress(total, prev, curr)
    prev = curr

  local sslverifypeer = 1
  if os.host() == "haiku" then
    sslverifypeer = 0
  local res, code = http.download(url, file, { progress = progress, sslverifypeer = sslverifypeer } )

  if res ~= "OK" then

    if not try then

  return res, code

Which essentially disables the authenticity check of the peer’s certificate.

cURL docs read “curl uses a default bundle of CA certificates (the path for that is determined at build time)”, I’m wondering if there’s a problem with the version of Premake5 which looks for certs in the wrong path?

Does anyone have a clue about this?

Curl doesn’t follow redirects by default. If you use the -L option then curl will download that URL from github properly: curl -v -L -O https://github.com/llvm/llvm-project/archive/6eb36aed86ea276695697093eb8136554c29286b.tar.gz

1 Like

Thanks @Lrrr for pointing this out!
This confirms that there must be some discrepancy with the cli tool and the api used by Premake, I suppose.

I’ve pushed a patch to HaikuPorts for premake5 but the package builders are down. It should fix the problem but I haven’t had a chance to test it.

1 Like

Brilliant! I’ll let you know.

A big thank you @Lrrr, it works!