On Thu, 8 Apr 2021, Dennis Clarke via curl-library wrote:
So I looked into the location where the ssl certs "should" be given my
curl config :
$ ./configure ...
--with-ca-path=/opt/bw/ssl/certs \
Note that this is the *ca path* where OpenSSL expects to find individual certs
stored.
You use --with-ca-bundle to specify a "bundle" as a single file.
OpenSSL supports both setups.
So I expect that the cacert.pem file at
https://curl.se/docs/caextract.html
would solve all my problems however :
europa$ ls -lapb /opt/bw/ssl/certs/
total 350
drwxr-xr-x 2 root wheel 3 Apr 8 02:35 ./
drwxr-xr-x 5 root wheel 9 Apr 7 00:14 ../
-rw-r--r-- 1 root wheel 208075 Jan 19 04:12 cacert.pem
europa$
This does not help at all and even OpenSSL seems confused.
Exactly, because you now put the bundle in the directory where OpenSSL expects
a directory setup.
You should rather try your downloaded bundle like this:
$ curl --cacert /opt/bw/ssl/certs/cacert.pem -4 -L https://gitlab.com/ -o
/dev/null
... it certainly works for me!
--
/ daniel.haxx.se
| Commercial curl support up to 24x7 is available!
| Private help, bug fixes, support, ports, new features
| https://www.wolfssl.com/contact/
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
