Testthat: cannot open the connection to

Build HERE.

During the testthat test, I encounter a “cannot open the connection to” when trying to read data in from a url (a csv file).

Last 13 lines of output:
cannot open the connection to ‘https://www.vdh.virginia.gov/content/uploads/sites/182/2020/03/VDH-COVID-19-PublicUseDataset-Cases.csv
Backtrace:
1. VirginiaC19::refresh_VirginiaC19()
5. VirginiaC19:::read_data()
8. utils::read.csv(“https://www.vdh.virginia.gov/content/uploads/sites/182/2020/03/VDH-COVID-19-PublicUseDataset-Cases.csv”)
9. utils::read.table(…)
10. base::file(file, “rt”)

My env is R version 3.6.3 (2020-02-29) in OS X (x86_64-apple-darwin15.6.0). I’ve built packages like this before, that pull from url (CSV), and have no problem making it through Travis. I’ve switched the package to pull data around from readr and utils with no luck.

Local devtools test and checks work fine.

Thank you for any help you can provide.

@jeroen @jimhester

Hi @debusklaneml,

I wanted to share my experience with a possibly-similar error you’ve had and I hope that helps.

Downloading files on Travis differs from your local computer for reasons I have only little understanding of, but SSL3 is one of the buzzwords, a protocol that -as far as I understand- is too old. Due to this, I’ve not always been able to download files as expected, as some websites do use that older protocol, where the Travis version of ssh had trouble with it. Locally, I -like you- do have a newer ssh version.

I predict this is the real problem you have, as looking at your commit history, I indeed see that you’ve tried to use RCurl for downloading. There are workarounds for this on Travis, but only sometimes I get these to work.

I hope this helps, if only a little bit, and cheers, Richel

Bottom line: install the intermediate “Entrust Certification Authority - L1K” TLS certificate that this server erroneously doesn’t provide to the local trusted certificates store, as per How to install certificates for command line - Ask Ubuntu

before_install:
  - sudo mkdir -p /usr/local/share/ca-certificates/
  - wget https://entrust.com/root-certificates/entrust_l1k.cer
  - openssl x509 -in entrust_l1k.cer -out entrust_l1k.crt
  - sudo mv entrust_l1k.crt /usr/local/share/ca-certificates/
  - sudo update-ca-certificates
  - rm entrust_l1k.cer

Report the incomplete certificate chain to this server’s admins since this is a TLS protocol violation so that they can fix it.


There’s a clear error message in the log:

SSL certificate problem: unable to get local issuer certificate

You can use the SSL Labs website to check for TLS problems that may fail the connection: SSL Server Test: www.vdh.virginia.gov (Powered by Qualys SSL Labs)

It says, in particular:

This server’s certificate chain is incomplete.
<…>
Extra download Entrust Certification Authority - L1K

So you need to get this missing intermediate certificate into the local trusted store, this way or another.

See Travis CI - Test and Deploy with Confidence for an example of a successful build after it’s installed with the code above.