Red Hat Bugzilla – Bug 104400
curl cannot do ssl
Last modified: 2007-11-30 17:06:58 EST
Description of problem:
curl connot get https pages by default
Version-Release number of selected component (if applicable):
chrismcc@taroon32 chrismcc]$ rpm -q curl
always with this version
Steps to Reproduce:
1. up2date curl
2. curl https://www.redhat.com
[chrismcc@taroon32 chrismcc]$ curl https://www.redhat.com
curl: (60) SSL certificate problem, verify that the CA cert is OK
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). The default
bundle is named curl-ca-bundle.crt; you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
get web page
you can do
curl --cacert /usr/share/ssl/certs/ca-bundle.crt https://www.redhat.com
and it will work, but this breaks existing scripts that expect to already know
there the CA bundle is, and php pages that expect the underlying system to know
where a CA bundle is.
In the spec file it looks like the build was recently changed to exclude the CA
bundle file at build time.
best solution, ? ? ?
give curl /usr/share/ssl/certs/ca-bundle.crt at build time ?
let curl use it's own bundle file ?
? ? ?
fixed in 7.10.6-4 and 7.10.6-4.1 (RHEL)
note that the curl package now requires openssl package, because it references
the ca cert bundle provided by it, at /usr/share/ssl/certs/ca-bundle.crt
As a FYI
I snagged the rawhide .src and rebuild on taroon.
curl https://www.redhat.com now works from the shell
the same via php (apache) doesn't work. Probably just a php --rebuild , but I
thought I would mention it.
please file a bug under the php component if the rebuild doesn't work