Setting curl proxy options in R - r

I'm running R on a Windows machine behind a corporate proxy. When running R 3.3.2 and version 2.3 of the curl package, this works:
curl::curl_fetch_memory("https://google.com")
Also note the following:
> curl::curl_options(filter = "sslcert")
sslcert sslcerttype
10025 10086
However, this is what happens when running R 3.4.1 and curl 2.8:
> curl::curl_fetch_memory("https://google.com")
Error in curl::curl_fetch_memory("https://google.com") :
error setting certificate verify locations:
CAfile: /mingw32/ssl/certs/ca-bundle.crt
CApath: none
Note:
> curl::curl_options(filter = "sslcert")
proxy_sslcert proxy_sslcerttype sslcert sslcerttype
10254 10255 10025 10086
I gather from the curl source code that these two new options were added in between these two versions.
Since this is the only relevant difference that I can find, my hunch is that curl is looking for the proxy_sslcert in the wrong path. But I can't figure out how to change that variable, nor what I should change it to. Also, what are the numbers shown (10254, etc)?
I don't actually need to use curl specifically, but a lot of other packages rely on it, e.g.
> httr::GET("https://google.com")
Error in curl::curl_fetch_memory(url, handle = handle) :
error setting certificate verify locations:
CAfile: /mingw32/ssl/certs/ca-bundle.crt
CApath: none

Related

check_win_release || Connection timed out after

I'm interested to check if my package is compatible with the windows platform. The library was developed on debian system Platform: x86_64-pc-linux-gnu (64-bit). In order to check windows' comparability I run devtools::check_win_release() which leads me to errors with connection time out:
It first asks for email confirmation to which I confirm.
Error in curl::curl_fetch_memory(url, handle = h) :
Timeout was reached: [win-builder.r-project.org] Connection timed out after 10001 milliseconds
I spoke to the IT admin and they have set a firewall for security measures and forbid interaction via curl or any other utilities. I've proxy settings set as suggested by the IT-admin but again they are in vain.
Is there any way I can check windows build?
I've tried options(timeout = 4000000) but the error persists.
R 4.0 devtools_2.3.1 testthat_2.3.2
There is no build_win
I'm using http://r-pkgs.had.co.nz/release.html as my resource.
Edit: Sys.getenv("http_proxy") and Sys.getenv("https_proxy") print the proxy settings set in the bash environment variable.

R studio Mac Proxy issue

I have downloaded and installed R (3.4.1)and R studio (1.0.153) on MAC OS ( El Captain). I am facing trouble setting up the proxy. I am trying to install some packages from CRAN.
I referred to https://support.rstudio.com/hc/en-us/articles/200488488-Configuring-R-to-Use-an-HTTP-or-HTTPS-Proxy
I was able to set up proxy and used properties
http_proxy=http://MYSERVER:MYPORT
http_proxy_user=user:passwd
I enabled options(internet.info = 0) option to get a trace of internet access from R Studio.
While the proxy server set up looks good in logs, its not able to get authentication.
Here are the logs:
Connected to MYSERVER port MYPORT (#0)
> GET http://cran.rstudio.com/src/contrib/PACKAGES.gz HTTP/1.1
Host: cran.rstudio.com
User-Agent: R (3.4.1 x86_64-apple-darwin15.6.0 x86_64 darwin15.6.0)
Accept: */*
Proxy-Connection: Keep-Alive
Pragma: no-cache
* The requested URL returned error: 407 Proxy Authentication Required
* Closing connection 0
Warning: unable to access index for repository http://cran.rstudio.com/src/contrib:
cannot open URL 'http://cran.rstudio.com/src/contrib/PACKAGES'
(Please note: I have replaced the proxy server and port )
I tried changing the
http_proxy_user=ask
As suggested in one of the work around I read, but that also didn't work.
Could anyone suggest how to set up proxy authentication properly in R studio on Mac?
I have Eclipse installed on my local using the same proxy port and authentication and it is able to download stuff fine.
I am able to hit the url http://cran.rstudio.com/src/contrib/PACKAGES.gz directly in firefox.
I was finally able to make it work. The user id and password was accepted by adding them in the same property
http_proxy=http://username:password#proxyServer:port
This created another issue, my password contained # char, which is why the proxy url was messed up. I referred to another post on stacktrace which suggested to try urlencoding the "#" in the password to %40, With this change, it finally went through the proxy.
options(internet.info = 0) helped look through the detailed log which helped solve the issue.

Secured Elastic Search R connection Error - Client requested protocal TLSv1 not enabled or not supported

I use the elastic 0.7.8 R package to connect to my Elastic Search instance.
Recently, I tried to secure the Elastic Search by using Search Guard 2.
Everything work fines after securing it.
But when I try to connect from R, it fails.
library(elastic)
connect(es_base = "https://localhost", es_port = 9200, es_user = USER, es_pwd = PASS)
The error in the log is "Client requested protocal TLSv1 not enabled or not supported"
I tried to connect to Elastic Search using cURL as below:
curl -k --tlsv1.1 -u USER:PASS https://localhost:9200 (This works)
curl -k --tlsv1.0 -u USER:PASS https://localhost:9200 (This fails)
I am unable to figure out how to force R to use TLSv1.1.
Please assist.
Below are the version:
R : 3.3.1
Elastic Search: 2.4.1
GCC: 4.9.2
OS: RHEL 6.7
Openssl: 1.0.1.e-fips 11 Feb 2013
In elasticsearch.yml simply set
searchguard.ssl.http.enabled_protocols:
- "TLSv1.2"
- "TLSv1.1"
- "TLSv1"
See also https://github.com/floragunncom/search-guard-ssl/blob/master/searchguard-ssl-config-template.yml

devtools::install_github() - Ignore SSL cert verification failure

I'm trying to get devtools::install_github() working behind my corporate proxy on Windows 7.
So far I've had to do the following:
> library(httr)
> library(devtools)
> set_config(use_proxy("123.123.123.123",8080))
> devtools::install_github("rstudio/ggvis")
Installing github repo ggvis/master from rstudio
Downloading master.zip from https://github.com/rstudio/ggvis/archive/master.zip
Error in function (type, msg, asError = TRUE) :
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Apparently we have some kind of certificate server replacing SSL certs with our own corporate SSL certs (confirmed by going to https://github.com and examining the cert).
Anyhow, just wondering if there's a way to ignore that cert error and proceed with the installation?
One way to handle the problem is to set the CURLOPT_SSL_VERIFYPEER to false. This option determines whether curl verifies the authenticity of the peer's certificate. A value of 1 means curl verifies; 0 (zero) means it doesn't.
http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
The relevant option needs to be passed to RCurl. In RCurl the CURLOPT_ is removed letters arre lowercase and the underscore is changed to ..
set_config( config( ssl.verifypeer = 0L ) )
will pass the relevant option to RCurl when using httr.
UPDATE:
The httr since this answer was written has moved from RCurl as an underlying dependence to the curl package. cURL options are now specified
with underscores so the above would be:
set_config( config( ssl_verifypeer = 0L ) )
in the current version of httr.
I tired #jdharrisonbut method but it didn't worked for me.
A Quick fix to avoid using https connection, is by replacing https by http. you install a package from cran by this method.
install.packages("http://cran.r-project.org/src/contrib/ggvis_0.4.4.tar.gz", repo=NULL, type="source")

RCurl and self-signed certificate issues

I am having problems getting RCurl function getURL to access an HTTPS URL on a server that is using a self-signed certificate. I'm running R 3.0.2 on Mac OS X 10.9.2.
I have read the FAQ and the curl page on the subject. So this is where I stand:
I have saved a copy of the certificate to disk (~/cert.pem).
I have been able to use this very same file to connect to the server using python-requests and the 'verify' option, and succeeded.
curl on the command-line seems to be ignoring the --cacert option. I succeeded in accessing the website with it after I flagged the certificate as trusted using the Mac OS X 'Keychain Access' app.
RCurl stubbornly refuses to connect to the website with the following code:
getURL("https://somesite.tld", verbose=T, cainfo=normalizePath("~/cert.pem"))
This is the output I get:
* Adding handle: conn: 0x7f92771b0400
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 38 (0x7f92771b0400) send_pipe: 1, recv_pipe: 0
* About to connect() to somesite.tld port 443 (#38)
* Trying 42.42.42.42...
* Connected to somesite.tld (42.42.42.42) port 443 (#38)
* SSL certificate problem: Invalid certificate chain
* Closing connection 38
When I tested both curl with the --cacert option and the RCurl code above in a Linux VM with the same cert.pem file and exact same URL, it worked perfectly.
So equal tests on Linux and Mac OS X, and only on Mac OS X do they fail. Even adding the certificate to the keychain didn't work.
The only thing that does work is using ssl.verifypeer=FALSE, but I don't want to do that for security reasons.
I'm out of ideas here. Anyone else have any suggestions on how to get this to work?
You can try:
library ("RCurl")
URL1 <- "https://data.mexbt.com/ticker/btcusd"
getURL(URL1,cainfo=system.file("CurlSSL","cacert.pem",package="RCurl"))
Coming back to this issue I just wanted to point out that if you are still using RCurl, you should be using httr (which uses curl) instead.
I have confirmed that using config(cainfo="/path/to/certificate") with httr connections will work as intended.

Resources