Bug 104400 - curl cannot do ssl
Summary: curl cannot do ssl
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: curl   
(Show other bugs)
Version: 3.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Eido Inoue
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2003-09-14 22:31 UTC by Christopher McCrory
Modified: 2007-11-30 22:06 UTC (History)
0 users

Fixed In Version: 7.10.6-4.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-09-15 21:15:09 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Christopher McCrory 2003-09-14 22:31:29 UTC
Description of problem:
curl connot get https pages by default

Version-Release number of selected component (if applicable):
chrismcc@taroon32 chrismcc]$ rpm -q curl

How reproducible:
always with this version

Steps to Reproduce:
1. up2date curl
2. curl https://www.redhat.com 
Actual results:
[chrismcc@taroon32 chrismcc]$ curl https://www.redhat.com
curl: (60) SSL certificate problem, verify that the CA cert is OK
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). The default
 bundle is named curl-ca-bundle.crt; you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

Expected results:
get web page

Additional info:

you can do
curl --cacert /usr/share/ssl/certs/ca-bundle.crt https://www.redhat.com

and it will work, but this breaks existing scripts that expect to already know
there the CA bundle is, and php pages that expect the underlying system to know
where a CA bundle is.

In the spec file it looks like the build was recently changed to exclude the CA
bundle file at build time.

best solution, ? ? ?
give curl  /usr/share/ssl/certs/ca-bundle.crt at build time ?
let curl use it's own bundle file ?

? ? ?

Comment 1 Eido Inoue 2003-09-15 21:15:09 UTC
fixed in 7.10.6-4 and 7.10.6-4.1 (RHEL)

note that the curl package now requires openssl package, because it references
the ca cert bundle provided by it, at /usr/share/ssl/certs/ca-bundle.crt

Comment 2 Christopher McCrory 2003-09-18 17:57:13 UTC
As a FYI

I snagged the rawhide .src and rebuild on taroon.

curl https://www.redhat.com now works from the shell

the same via php (apache) doesn't work.  Probably just a php --rebuild , but I
thought I would mention it.


Comment 3 Eido Inoue 2003-09-18 21:50:53 UTC
please file a bug under the php component if the rebuild doesn't work

Note You need to log in before you can comment on or make changes to this bug.