On 4/8/2021 12:21 AM, Dennis Clarke via curl-library wrote:
europa$
europa$ curl -4 -L --url 'https://gitlab.com/' -o /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
europa$

europa$ curl --version
curl 7.75.0 (x86_64-unknown-freebsd13.0) libcurl/7.75.0 OpenSSL/1.1.1k zlib/1.2.11 libidn2/2.3.0 libssh2/1.9.0
Release-Date: 2021-02-03
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HTTPS-proxy IDN Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets
europa$

So I looked into the location where the ssl certs "should" be given my
curl config :

$ ./configure --prefix=/opt/bw --disable-dependency-tracking \
  --disable-silent-rules --without-gnu-ld --enable-shared \
  --enable-static \
  --with-libidn=/usr/local --with-libidn2=/usr/local \
  --with-ssl=/opt/bw --with-ca-path=/opt/bw/ssl/certs \
  --enable-tls-srp --with-libssh2

So I expect that the cacert.pem file at

     https://curl.se/docs/caextract.html

would solve all my problems however :

europa$ ls -lapb /opt/bw/ssl/certs/
total 350
drwxr-xr-x  2 root  wheel       3 Apr  8 02:35 ./
drwxr-xr-x  5 root  wheel       9 Apr  7 00:14 ../
-rw-r--r--  1 root  wheel  208075 Jan 19 04:12 cacert.pem
europa$

This does not help at all and even OpenSSL seems confused.


What is your curl -V version and the verbose output? Your CA path is supposed to contain the certificate files named by hash value [1], which it doesn't. Putting a single file with a bundle of certificates in the path won't help. You can use configure option --with-ca-bundle=FILE. Note your OS may have a packaged and maintained directory containing certificates or a bundle of certificates, I would use that if you can. Also see [2] for scanned paths.

[1]: https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_load_verify_locations.html
[2]: https://github.com/curl/curl/blob/curl-7_76_0/acinclude.m4#L2182-L2192
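
The distinction drawn in the reply above, as an added example that is not part of the original messages: a small shell check that tells a hash-named CA directory apart from a directory that only holds a certificate bundle. The function names `capath_status` and `capath_advice` are hypothetical, and the check assumes PEM files and OpenSSL's `<8 hex digits>.<n>` naming for hashed entries.

```shell
#!/bin/sh
# Added example (not from the thread): classify a directory meant for
# curl --capath / configure --with-ca-path.
# OpenSSL finds certificates in such a directory by file name only:
# <8 lowercase hex digits>.<n>, e.g. the links created by `openssl rehash DIR`.

# Prints one of: hashed | bundle-only | empty
capath_status() {
    dir=$1
    hashed=0
    bundles=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # Hash-named entry: this is what a CA path lookup can actually use
        if printf '%s\n' "$name" | grep -Eq '^[0-9a-f]{8}\.[0-9]+$'; then
            hashed=$((hashed + 1))
            continue
        fi
        # More than one certificate in a single file means it is a bundle
        n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$f" || true)
        if [ "$n" -gt 1 ]; then
            bundles=$((bundles + 1))
        fi
    done
    if [ "$hashed" -gt 0 ]; then
        echo hashed
    elif [ "$bundles" -gt 0 ]; then
        echo bundle-only
    else
        echo empty
    fi
}

# Maps the status to the option that matches what is on disk
capath_advice() {
    case $(capath_status "$1") in
        hashed)      echo "usable as a CA path (--capath)" ;;
        bundle-only) echo "bundle file only: use --cacert FILE or build with --with-ca-bundle=FILE" ;;
        *)           echo "no certificates found" ;;
    esac
}

# Run directly with a directory argument, e.g. sh check_capath.sh /opt/bw/ssl/certs
if [ $# -gt 0 ]; then
    capath_advice "$1"
fi
```

A directory holding only `cacert.pem`, like the listing in the quoted message, reports `bundle-only`.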
