[R-SIG-Mac] Libre SSL bug on MacOS Monterey => error in download.file()
Jeroen Ooms
jeroenoom@ @end|ng |rom gm@||@com
Tue Jan 11 01:04:25 CET 2022
On Mon, Jan 10, 2022 at 11:22 AM Petr Bouchal <pbouchal using gmail.com> wrote:
>
> Dear all,
>
> In brief: on Monterey, R cannot reach certain web domains due to a bug in Libre SSL - and perhaps not relying on system curl/openssl in R would be a systematic solution to this and símilar issues.
>
> Specifically: on MacOS Monterey 12.1 using R 4.1.2, download.file() and other functions that rely on system-provided curl/openssl/Libre SSL (including in the curl package) have been failing on specific domains.
>
> So running
>
> download.file(“https://www.czso.cz/”, tempfile())
>
> returns:
>
> status was ‘SSL connect error’
>
> the underlying error being
>
> error:06FFF089:digital envelope routines:CRYPTO_internal:bad key length.
I have to investigate this further (it looks like a buggy TLS server
actually), but as a workaround you can set an environment variable
CURL_SSL_BACKEND=SecureTransport when starting R, see for details:
https://curl.se/libcurl/c/libcurl-env.html
The version of libcurl that is included with the past few versions of
MacOS is actually built with support for 2 TLS back-ends: LibreSSL and
native apple TLS (aka SecureTransport). You can override the default
using the environment variable above, but you have to set it before
libcurl gets initiated, hence before making any http connections in
the R session, e.g. in your .Renviron.
You can see which version is active by looking at
curl::curl_version()$ssl_version, the version in parenthesis is Try
running:
CURL_SSL_BACKEND=openssl R -e "curl::curl_version()$ssl_version"
CURL_SSL_BACKEND=SecureTransport R -e "curl::curl_version()$ssl_version"
The same version of libcurl is also used by base-R in download.file().
I've also explained this a bit (mostly for windows) in this vignette:
https://cran.r-project.org/web/packages/curl/vignettes/windows.html
More information about the R-SIG-Mac
mailing list