Mix local.hex warning - ‘Authenticity is not established by certificate path validation’

Hi, I’m using Ubuntu 18.04 and after updating to OTP-24.0 yesterday i have this warning when I run “mix local.hex”:

14:57:30.512 [warn] Description: ‘Authenticity is not established by certificate path validation’
Reason: ‘Option {verify, verify_peer} and cacertfile/cacerts is missing’

I’m using this:
Hex: 0.21.2
Elixir: 1.11.2
OTP: 24.0
Built with: Elixir 1.11.4 and OTP 21.3

.mix/archives/hex-0.21.2

I.e. I’m already using the latest hex version, but just wanted to run the command to see if everything still works.

It’s just a warning but it’s strange that this happens all of a sudden after the update.
Does anyone else have this as well?

Hi @Werner, it’s not only you, I also have the same issue with OTP 24:

❯ mix local.hex

12:10:27.885 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


12:10:28.106 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'

Found existing entry: /Users/rodrigues/.asdf/installs/elixir/1.11.4-otp-24/.mix/archives/hex-0.21.2
Are you sure you want to replace it with "https://repo.hex.pm/installs/1.11.0/hex-0.21.2.ez"? [Yn] 

12:10:29.802 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'

* creating /Users/rodrigues/.asdf/installs/elixir/1.11.4-otp-24/.mix/archives/hex-0.21.2

Me too, I have the same with OTP 24 and Elixir 1.12 using asdf.

Me too. I have the same setup as @alaadahmed

We will look into removing the warnings but there is nothing to worry. We download the Hex information and checksums from a file that is privately encrypted by the Hex team and verified by us with a public key.

Thanks!

Looks like GitHub Dependabot may be affected by this as well:

Dependabot can't resolve your Elixir dependency files
Dependabot failed to update your dependencies because there was an error resolving your Elixir dependency files.

Dependabot encountered the following error:

warning: a term is constructed, but never used
  lib/encoder.ex

** (ArgumentError) argument error
    :erlang.binary_to_term("\n07:37:00.222 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.222 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.222 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.222 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.223 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.223 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.223 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.223 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.331 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.332 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.333 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.333 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.333 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.334 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.335 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.336 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.349 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.350 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.354 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.356 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.358 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.358 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'\n\n\n07:37:00.360 [warn]  Description: 'Authenticity is not established by certificate path validation'\n     Reason: 'Option {verify, verify_peer} and cacertfile/" <> ...)
    /opt/hex/lib/run.exs:11: DependencyHelper.main/0
    (elixir 1.10.4) lib/code.ex:926: Code.require_file/2
    (mix 1.10.4) lib/mix/tasks/run.ex:145: Mix.Tasks.Run.run/5

I’m seeing the issue for these dependencies: ecto, ecto_sql, oban_pro and oban_web. Here’s the log:

updater | INFO <job_136250255> Handled error whilst updating ecto_sql: dependency_file_not_resolvable {:message=>"warning: a term is constructed, but never used
  lib/encoder.ex

** (ArgumentError) argument error
    :erlang.binary_to_term("
07:36:28.619 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.619 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.619 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.619 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.619 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.619 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.619 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.619 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.729 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.730 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.731 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.733 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.733 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.737 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.738 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.738 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.744 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.750 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.752 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.753 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.759 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.760 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'


07:36:28.764 [warn]  Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/" <> ...)
    /opt/hex/lib/run.exs:11: DependencyHelper.main/0
    (elixir 1.10.4) lib/code.ex:926: Code.require_file/2
    (mix 1.10.4) lib/mix/tasks/run.ex:145: Mix.Tasks.Run.run/5"}

Yea I get the same issue

This should be fixed on Elixir v1.12.1.

Hey Jose!

I’m still seeing the warning on 1.12.1 on otp 24. Hope it’s not just me haha.

@zeeshanlakhani what are all of the steps you are running for the warning to appear?

It is important to note the warning may appear in other occasions, and those can be problematic. However, it shouldn’t appear when fetching Hex packages from v1.12.1.

Yes. That’s right and sorry for conflating the two. It’s not happening when fetching hex packages for sure (anymore). I’m guessing it’s due to dependencies that still haven’t fully updated.

I’m using tesla as my http client and I’m getting this when I send a http request.

This means you are using Tesla’s default HTTP client and you should replace the default client by any of the available options they mention in their README.

Perfect. Using Hackney = no warns