Bug 104400 - curl cannot do ssl
curl cannot do ssl
Status: CLOSED RAWHIDE
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: curl (Show other bugs)
3.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Eido Inoue
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-09-14 18:31 EDT by Christopher McCrory
Modified: 2007-11-30 17:06 EST (History)
0 users

See Also:
Fixed In Version: 7.10.6-4.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-09-15 17:15:09 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Christopher McCrory 2003-09-14 18:31:29 EDT
Description of problem:
curl connot get https pages by default

Version-Release number of selected component (if applicable):
chrismcc@taroon32 chrismcc]$ rpm -q curl
curl-7.10.6-2.2


How reproducible:
always with this version

Steps to Reproduce:
1. up2date curl
2. curl https://www.redhat.com 
3. 
    
Actual results:
[chrismcc@taroon32 chrismcc]$ curl https://www.redhat.com
curl: (60) SSL certificate problem, verify that the CA cert is OK
 
More details here: http://curl.haxx.se/docs/sslcerts.html
 
curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). The default
 bundle is named curl-ca-bundle.crt; you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.



Expected results:
get web page


Additional info:

you can do
curl --cacert /usr/share/ssl/certs/ca-bundle.crt https://www.redhat.com

and it will work, but this breaks existing scripts that expect to already know
there the CA bundle is, and php pages that expect the underlying system to know
where a CA bundle is.

In the spec file it looks like the build was recently changed to exclude the CA
bundle file at build time.

best solution, ? ? ?
 
give curl  /usr/share/ssl/certs/ca-bundle.crt at build time ?
let curl use it's own bundle file ?

? ? ?
Comment 1 Eido Inoue 2003-09-15 17:15:09 EDT
fixed in 7.10.6-4 and 7.10.6-4.1 (RHEL)

note that the curl package now requires openssl package, because it references
the ca cert bundle provided by it, at /usr/share/ssl/certs/ca-bundle.crt
Comment 2 Christopher McCrory 2003-09-18 13:57:13 EDT
As a FYI

I snagged the rawhide .src and rebuild on taroon.

curl https://www.redhat.com now works from the shell

the same via php (apache) doesn't work.  Probably just a php --rebuild , but I
thought I would mention it.

thanks



Comment 3 Eido Inoue 2003-09-18 17:50:53 EDT
please file a bug under the php component if the rebuild doesn't work

Note You need to log in before you can comment on or make changes to this bug.