Description of problem: curl connot get https pages by default Version-Release number of selected component (if applicable): chrismcc@taroon32 chrismcc]$ rpm -q curl curl-7.10.6-2.2 How reproducible: always with this version Steps to Reproduce: 1. up2date curl 2. curl https://www.redhat.com 3. Actual results: [chrismcc@taroon32 chrismcc]$ curl https://www.redhat.com curl: (60) SSL certificate problem, verify that the CA cert is OK More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). The default bundle is named curl-ca-bundle.crt; you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. Expected results: get web page Additional info: you can do curl --cacert /usr/share/ssl/certs/ca-bundle.crt https://www.redhat.com and it will work, but this breaks existing scripts that expect to already know there the CA bundle is, and php pages that expect the underlying system to know where a CA bundle is. In the spec file it looks like the build was recently changed to exclude the CA bundle file at build time. best solution, ? ? ? give curl /usr/share/ssl/certs/ca-bundle.crt at build time ? let curl use it's own bundle file ? ? ? ?
fixed in 7.10.6-4 and 7.10.6-4.1 (RHEL) note that the curl package now requires openssl package, because it references the ca cert bundle provided by it, at /usr/share/ssl/certs/ca-bundle.crt
As a FYI I snagged the rawhide .src and rebuild on taroon. curl https://www.redhat.com now works from the shell the same via php (apache) doesn't work. Probably just a php --rebuild , but I thought I would mention it. thanks
please file a bug under the php component if the rebuild doesn't work