Unable to set up TLS. builder error: The Trust Settings Record was corrupted.

[WillCodeForEver]

Verify canary release

• I verified that the issue exists in the latest Turborepo canary release.

Link to code that reproduces this issue

n/a

What package manager are you using / does the bug impact?

Yarn v2/v3/v4 (node_modules linker only)

What operating system are you using?

Mac

Which canary version will you have in your reproduction?

1.13.2

Describe the Bug

Unable to run any turbo run commands due to the following error:

  × Failed to create APIClient: Unable to set up TLS.
  ├─▶ Unable to set up TLS.
  ├─▶ builder error: The Trust Settings Record was corrupted.
  ╰─▶ The Trust Settings Record was corrupted.

I am on MacOS 14.4.1 I have scrubbed my Keychain Access of any expired or invalid certificates. I have reset my keychain defaults....I've reinstalled all the dependencies for the project, but still getting this error

Expected Behavior

turbo command should complete successfully.

To Reproduce

i am not sure if there are any steps to reproduce since other devs are not running into this issue.
Any debugging steps or extra help is appreciated since search of web is coming up empty.

Additional context

No response

[NicholasLYang]

Hi @WillCodeForEver, could you try running in loose mode by passing --env-mode loose in your turbo command?

[WillCodeForEver]

@NicholasLYang thanks for replying, just tried it with --env-mode loose and same error:

proj/node_modules/.bin/turbo --env-mode loose run dev
  × Failed to create APIClient: Unable to set up TLS.
  ├─▶ Unable to set up TLS.
  ├─▶ builder error: The Trust Settings Record was corrupted.
  ╰─▶ The Trust Settings Record was corrupted.

error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

[NicholasLYang]

Huh, that is quite odd. I'll investigate this further. Does this occur in the latest version of turbo as well?

[NicholasLYang]

Sorry if this is a little tedious, but would it be possible to follow these instructions? cloudflare/wrangler-legacy#1656 (comment)

[WillCodeForEver]

@NicholasLYang oh wow that pinpointed to the issue! I had imported some organizations cert bundles and after cloning that project, installing rust toolchain and running the tests it pinpointed to the certs and after removing those certs from my keychain the error went away.
I'll document the steps for future folks running to the same issue:

1. clone https://github.com/rustls/rustls-native-certs
2. install rust toolchain: https://www.rust-lang.org/tools/install
3. open a new terminal (to ensure rust toolchain PATH mods are affected
4. open main/src/macos.rs file
5. add a print statement inside the for loop around line# 30:

for cert in iter {
     let der = cert.to_der();
+    println!("Found cert {:?}", cert.subject_summary());

6. run the tests: cargo tests
7. the tests will fail and will pinpoint which of your certificates in your KeyChain is causing the issue. For me the errors looked like this:

---- test_contains_most_roots_known_by_mozilla stdout ----
Found cert "MyOrg Production Payment Infrastructure v1"
thread 'test_contains_most_roots_known_by_mozilla' panicked at tests/compare_mozilla.rs:99:59:
called `Result::unwrap()` on an `Err` value: Custom { kind: Other, error: Error { code: -25262, message: "The Trust Settings Record was corrupted." } }
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

---- util_list_certs stdout ----
Found cert "MyOrg Production Payment Infrastructure v1"
thread 'util_list_certs' panicked at tests/compare_mozilla.rs:143:59:
called `Result::unwrap()` on an `Err` value: Custom { kind: Other, error: Error { code: -25262, message: "The Trust Settings Record was corrupted." } }

---- test_does_not_have_many_roots_unknown_by_mozilla stdout ----
Found cert "MyOrg Production Payment Infrastructure v1"
thread 'test_does_not_have_many_roots_unknown_by_mozilla' panicked at tests/compare_mozilla.rs:58:59:
called `Result::unwrap()` on an `Err` value: Custom { kind: Other, error: Error { code: -25262, message: "The Trust Settings Record was corrupted." } }

Removing this and two other similar certs from my keychain resolved this issue. Those certs are signed by ORG's signing authority, so i am may have to add them back, but at least i know the issue.

Thanks @NicholasLYang for the help!

[NicholasLYang]

Thanks for the thorough explanation and sorry this required installing an entire rust toolchain lmao

[hwondev]

i have same issue, my case with Found cert "127.0.0.1"

$security find-certificate -c "127.0.0.1" -a -Z |
sudo awk '/SHA-1/{system("security delete-certificate -Z "$NF)}'

[dmetelin]

Mac OS

Run the next command and it will show the certificates that are causing the problem.

/usr/bin/security dump-trust-settings -d

Source:
https://apple.stackexchange.com/questions/458323/fixing-error-the-trust-settings-record-was-corrupted