CODEWITHSUNDEEP
windowshaskellhaskell-stack
Dominique Unruh
Dominique Unruh

Reputation: 1276

Stack (Haskell) throws TlsException in Windows

Stack (under Windows) sometimes throws the following exception when trying to download files (e.g., during stack setup or while downloading a build plan):

TlsException (HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa))).

How to get around this error if it occurs?

(This was discussed and solved on https://github.com/commercialhaskell/stack/issues/234, I am reposting the question to make the solution more available.)

Upvotes: 15

Views: 1885

Answers (2)

Jamie Cook
Jamie Cook

Reputation: 4525

@unhammer asked the question in the comments of the accepted answer of how to do this without IE installed. I had this same problem on a windows docker instance so I thought I'd share my solution.

From powershell I ran the following snippet

$tls_urls = @("https://github.com", "https://www.hackage.org", "https://stackage.haskell.org", "https://s3.amazonaws.com")
$tls_urls |`
  ForEach-Object {
      Invoke-WebRequest -Uri $_ -UseBasicParsing | out-null
  }

Upvotes: 2

Dominique Unruh
Dominique Unruh

Reputation: 1276

This is due to a certificates not being found by stack when accessing various website. It can be fixed by opening the correct webpage in Internet Explorer (which automatically adds the certificate), and then starting stack again.

To find out which webpage stack accesses, run stack with the verbose option (-v) to see the last attempted download before the failure. E.g.:

C:\> stack -v setup
... some output ...
2015-09-18 14:19:14.9807056: [debug] Downloading from https://www.haskell.org/ghc/dist/7.10.1/ghc-7.10.1-i386-unknown-mingw32.tar.xz to C:\... @(stack_GXibO6avQtx8ez3M6BHFie:Stack.Setup src/Stack\Setup.hs:845:5)
TlsException (HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)))

(Note: The exact messages may differ. Because the problem is solved on my computer now, I cannot reproduce the exact error without reinstalling Windows.)

So stack is downloading from https://www.haskell.org/, so we need to open https://www.haskell.org/ in Internet explorer. Afterwards stack should work (possibly you need to repeat this step to add different certificates).

Other webpages which stack seems to access are: https://github.com, https://www.stackage.org.

This solution is verified on Win 7 32-bit with Stack 0.1.4.0.

Upvotes: 16

Related Questions