I've been able to use the Habitat CLI previously but had to switch to a new laptop and am now having a problem that seems to be related to OpenSSL.
This error is occuring when trying to search for packages in the builder.
iainrose$ hab pkg search iainrose/national-parks
✗✗✗
✗✗✗ the handshake failed: The OpenSSL library reported an error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:s3_clnt.c:1264:: unable to get local issuer certificate
✗✗✗
If I run the same command from inside the Hab studio, it's working
I remember running into this a while back, but can no longer reproduce it locally. The error suggests a local issue finding certificates, though. Habitat on MacOS should be going through the normal system certificate store.
Running your command with the environment variable RUST_LOG=debug might provide some more context.
I’ve kind of been able to reproduce this. I’m not sure if this maps at all onto your situation, though.
When I use Homebrew to install openssl (e.g. brew install openssl), it drops off a cert.pem file at /usr/local/etc/openssl/cert.pem. This (and the directory /usr/local/etc/openssl/certs) appear to be where our underlying HTTP client is looking for certificates.
My reproduction step is to remove / rename that cert.pem file, which gives the exact same error.
Can you try installing openssl with Homebrew and see if that fixes things for you?
As an alternative, the environment variables SSL_CERT_FILE and / or SSL_CERT_DIR can be used (note that these are standard OpenSSL environment variables, and nothing Habitat-specific)
# Works after `brew install openssl`!
$ hab pkg search iainrose/national-parks
iainrose/national-parks/6.3.0/20180111214454
iainrose/national-parks/6.3.0/20180315165006
iainrose/national-parks/6.4.0/20180319201145
iainrose/national-parks/6.4.0/20180319203322
iainrose/national-parks/6.4.0/20180319213659
iainrose/national-parks/6.4.0/20180319214059
iainrose/national-parks/6.4.0/20180403232809
iainrose/national-parks/6.4.0/20180404001809
# "Remove" the SSL cert and it fails!
$sudo mv /usr/local/etc/openssl/cert.pem /usr/local/etc/openssl/cert.pem.0
$hab pkg search iainrose/national-parks
✗✗✗
✗✗✗ the handshake failed: The OpenSSL library reported an error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:s3_clnt.c:1264:: unable to get local issuer certificate
✗✗✗
# Use an environment variable and it works!
$ SSL_CERT_FILE=/usr/local/etc/openssl/cert.pem.0 hab pkg search iainrose/national-parks
iainrose/national-parks/6.3.0/20180111214454
iainrose/national-parks/6.3.0/20180315165006
iainrose/national-parks/6.4.0/20180319201145
iainrose/national-parks/6.4.0/20180319203322
iainrose/national-parks/6.4.0/20180319213659
iainrose/national-parks/6.4.0/20180319214059
iainrose/national-parks/6.4.0/20180403232809
iainrose/national-parks/6.4.0/20180404001809
FYI, I've got an update to our Homebrew hab package (currently under review) that will install openssl as a dependency, so hopefully very soon nobody else will hit this error.