1

Trying to list all object in a google storage bucket - this code runs fine in UNIX systems(centos 7/Mac), However when run from a windows server 2012/16 Vm I get Permanent error in ListObjects : EasyPerform() - CURL error [77]=Problem with the SSL CA cert (path? access rights?)[UNKNOWN]

void gcpFileDialog::getListOfObjectsInBucket()
{
    QString bucket = "exampleBucketName";///_gcpBucketLineEdit->text();
    if ((bucket.isNull()) || (bucket.isEmpty()))
    {
        QMessageBox::critical(this, tr("Error"), tr("GCP Bucket is invalid"));
        return;
    }

    namespace gcs = ::google::cloud::storage;

    // Create a client to communicate with Google Cloud Storage. This client
    // uses the default configuration for authentication and project id.
    google::cloud::StatusOr<gcs::ClientOptions> options = gcs::ClientOptions::CreateDefaultClientOptions();
    google::cloud::StatusOr<gcs::Client> client = gcs::Client::CreateDefaultClient();

    if (!client)
    {
        QMessageBox::critical(this, tr("Error"), tr("Failed to create Storage Client.\n\n%1").arg(QString::fromStdString(client.status().message())));
        return;
    }

    QStringList objectsInBucketList;
    for (auto&& object_metadata : client->ListObjects(bucket.toStdString()))
    {
        if (!object_metadata)
        {
            QMessageBox::critical(this, tr("Error"), tr("There was an Error listing the objects.\n\n%1").arg(QString::fromStdString(object_metadata.status().message())));
            client->ListObjects
            return;
        }

        objectsInBucketList.append(QString::fromStdString(object_metadata->name()));
    }

    if (objectsInBucketList.isEmpty())
    {
        QMessageBox::critical(this, tr("Error"), tr("No Objects found in bucket"));
        return;
    }

    for (QString& object : objectsInBucketList)
    {
        ///list of bucket object _gcpBucketObjectListTextEdit->append(object);
    }
}

I know next to nothing about curl / open ssl certificates (I don't believe this is related to the google managed ssl certificates either) I have used Choco to install openssl and curl on the host vm and added a lot of server roles and features.

The command works when called from Google Cloud SDK Shell - GSUTIL Any help tracking down the issue would be greatly appreciated.

emotionalTristan
  • 33
  • 5
  • 1
    What is the exact error message? – John Hanley May 30 '22 at 15:33
  • ListObjects : EasyPerform() - CURL error [77]=Problem with the SSL CA cert (path? access rights?)[UNKNOWN]. Is the exact message or at least the output of object_metadata.status().message() – emotionalTristan May 30 '22 at 16:01
  • 1
    Try the tips in this article that I wrote: https://www.jhanley.com/curl-ssl-certificate-problem/ – John Hanley May 30 '22 at 16:22
  • 1
    Can you share some information about the version of `google-cloud-cpp` that you are using? And how did you compile or install libcurl? Is it compiled to use Schannel or OpenSSL? – coryan May 30 '22 at 18:08
  • 1
    The reason I asked about how `libcurl` was compiled is better explained here: https://stackoverflow.com/questions/37551409/configure-curl-to-use-default-system-cert-store-on-windows – coryan May 30 '22 at 18:14
  • Hi Coryan - lib curl is from MSYS (gcc) along with grpc/protobuf and absl I'm currently using google-cloud-cpp version 1.20 - there is a bug either in google or msvc/gcc such that it can't compile after template changes to pagination_range.ph - (November 2020) – emotionalTristan May 31 '22 at 08:11
  • As an Update for John I have download the latest cacert.pem set the CURL_CA_BUNDLE environment variable to no luck. Found out the install from chocalety does not include curl-ca-bundle.crt (is that concern)? Installed the binary lib curl - imported the curl-ca-bundle.crt (and added to path) also failed - think this is a case of creating a bad application. So nothing worked. Thank you for your help though. – emotionalTristan May 31 '22 at 09:13
  • Consider opening a bug at https://github.com/googleapis/google-cloud-cpp. The discussion is getting too detailed for these comments. – coryan May 31 '22 at 12:27

1 Answers1

1

I think you need to install the certificate bundles as described in:

https://curl.se/docs/sslcerts.html

With newer versions of google-cloud-cpp you can use CARootsFilePathOption to override the default location of the CA cert file.

coryan
  • 723
  • 3
  • 5
  • This worked along with building a new lib curl with - CURLOPT_SSL_OPTIONS option and set the correct bit in the bitmask: CURLSSLOPT_NATIVE_CA enabled. I am running into another error but the initial problem has been resolve thank you. – emotionalTristan May 31 '22 at 13:56