Testthat: cannot open the connection to

Build HERE.

During the testthat test, I encounter a “cannot open the connection to” when trying to read data in from a url (a csv file).

Last 13 lines of output:
cannot open the connection to ‘https://www.vdh.virginia.gov/content/uploads/sites/182/2020/03/VDH-COVID-19-PublicUseDataset-Cases.csv
1. VirginiaC19::refresh_VirginiaC19()
5. VirginiaC19:::read_data()
8. utils::read.csv(“https://www.vdh.virginia.gov/content/uploads/sites/182/2020/03/VDH-COVID-19-PublicUseDataset-Cases.csv”)
9. utils::read.table(…)
10. base::file(file, “rt”)

My env is R version 3.6.3 (2020-02-29) in OS X (x86_64-apple-darwin15.6.0). I’ve built packages like this before, that pull from url (CSV), and have no problem making it through Travis. I’ve switched the package to pull data around from readr and utils with no luck.

Local devtools test and checks work fine.

Thank you for any help you can provide.

@jeroen @jimhester

Hi @debusklaneml,

I wanted to share my experience with a possibly-similar error you’ve had and I hope that helps.

Downloading files on Travis differs from your local computer for reasons I have only little understanding of, but SSL3 is one of the buzzwords, a protocol that -as far as I understand- is too old. Due to this, I’ve not always been able to download files as expected, as some websites do use that older protocol, where the Travis version of ssh had trouble with it. Locally, I -like you- do have a newer ssh version.

I predict this is the real problem you have, as looking at your commit history, I indeed see that you’ve tried to use RCurl for downloading. There are workarounds for this on Travis, but only sometimes I get these to work.

I hope this helps, if only a little bit, and cheers, Richel

Bottom line: install the intermediate “Entrust Certification Authority - L1K” TLS certificate that this server erroneously doesn’t provide to the local trusted certificates store, as per https://askubuntu.com/questions/645818/how-to-install-certificates-for-command-line:

  - sudo mkdir -p /usr/local/share/ca-certificates/
  - wget https://entrust.com/root-certificates/entrust_l1k.cer
  - openssl x509 -in entrust_l1k.cer -out entrust_l1k.crt
  - sudo mv entrust_l1k.crt /usr/local/share/ca-certificates/
  - sudo update-ca-certificates
  - rm entrust_l1k.cer

Report the incomplete certificate chain to this server’s admins since this is a TLS protocol violation so that they can fix it.

There’s a clear error message in the log:

SSL certificate problem: unable to get local issuer certificate

You can use the SSL Labs website to check for TLS problems that may fail the connection: https://www.ssllabs.com/ssltest/analyze.html?d=www.vdh.virginia.gov

It says, in particular:

This server’s certificate chain is incomplete.
Extra download Entrust Certification Authority - L1K

So you need to get this missing intermediate certificate into the local trusted store, this way or another.

See https://travis-ci.com/github/native-api/VirginiaC19/jobs/376718370 for an example of a successful build after it’s installed with the code above.