ca-certs for https://git.php.net
Elan Ruusamäe
glen at pld-linux.org
Fri Mar 12 20:36:09 CET 2021
On 12.03.2021 10:49, Jan Palus wrote:
> On 12.03.2021 10:40, Elan Ruusamäe wrote:
>> $ curl https://git.php.net/repository/pecl/encryption/mcrypt.git
>> curl: (60) SSL certificate problem: unable to get local issuer certificate
>> More details here: https://curl.se/docs/sslcerts.html
>>
>> curl failed to verify the legitimacy of the server and therefore could not
>> establish a secure connection to it. To learn more about this situation and
>> how to fix it, please visit the web page mentioned above.
>>
>>
>> $ rpm -q ca-certificates curl-7.75.0
>> ca-certificates-20210119-1.noarch
>> curl-7.75.0-1.x86_64
>>
>>
>> something off in our systems. this works fine on curl on macos brew
> Works for me with same set of packages. Outdated ca-certificates.crt due
> to ca-certificates-update + noreplace perhaps? Try with
> ca-certificates-20210119-2.
updated, still doesn't work on carme:
$ curl https://git.php.net/repository/pecl/encryption/mcrypt.git
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
$ q ca-certificates
ca-certificates-20210119-3.noarch
here's probably the problem source, the host has ca-certificates
installed, and very old config:
$ l /etc/ca-certificates.conf*
-rw-r--r-- 1 root root 6.3K Feb 1 2010 /etc/ca-certificates.conf
-rw-r--r-- 1 root root 5.5K Mar 12 12:51 /etc/ca-certificates.conf.rpmnew
perhaps the package provided certs should be moved to
/usr/share/ca-certificates/ca-certificates.conf and
/etc/ca-certificates.conf be only local customizations?
More information about the pld-devel-en
mailing list