[SOLVED] /etc/pki/tls/certs/ca-bundle.crt not present

lucacerone · 2014-08-24 19:54:37

Dear all, recently I started having issues with pacaur.

After submitting a bug report on pacaur github page https://github.com/Spyhawk/pacaur/issues/264,
and after a bit of interaction it seems to be an issue related with

curl

not finding the right tsl certificate file.

If I use curl using a command like :

curl -svfg --compressed -C 0 'https://aur.archlinux.org/rpc.php?type=multiinfo&v=3&arg[]=pacaur'

I get the following error message:

* About to connect() to aur.archlinux.org port 443 (#0)
*   Trying 5.9.250.164...
* Adding handle: conn: 0x1be2ce0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x1be2ce0) send_pipe: 1, recv_pipe: 0
* Connected to aur.archlinux.org (5.9.250.164) port 443 (#0)
* error setting certificate verify locations:
  CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Closing connection 0

What does it mean that I do not have the file /etc/pki/tls/certs/ca-bundle.crt and how can I fix this?

Cheers,
Luca

Last edited by lucacerone (2014-08-25 23:49:44)

lucacerone · 2014-08-24 20:03:41

Creating a symbolic link to /etc/ssl/certs/ca-certificates.crt in /etc/pki/tls/certs/ca-bundle.crt
fixes the issue.

Before marking the thread as solved I would like to know why curl was looking for the certificates in /etc/pki/tls/certs/ca-bundle.crt,
rather than the default file /etc/ssl/certs/ca-certificates.crt.

Can it be that I have some issue with my computer?

Last edited by lucacerone (2014-08-25 23:19:53)

Spider.007 · 2014-08-24 20:22:42

What does `curl-config --ca` output? For me; it says:

$ curl-config --ca
/etc/ssl/certs/ca-certificates.crt

Could you verify you're running the latest curl-version from the arch repos? Also; from the man-page:

curl recognizes the environment variable named 'CURL_CA_BUNDLE'
if it is set, and uses the given path as a path to a CA cert
bundle. This option overrides that variable.

Last edited by Spider.007 (2014-08-24 20:23:54)

lucacerone · 2014-08-25 23:48:48

Thanks Spider.007!
I actually had the latest version of curl installed (from the core repository).

However, the issue was caused by the Python distribution from 'Anaconda' (https://store.continuum.io/cshop/anaconda/).
Following their instruction I added the "bin" folder contained in the Anaconda package to my PATH variable.

The Anaconda distribution comes with an older version of curl that searches for the certificates in the non existing path /etc/pki/tls/certs/ca-bundle.crt.

Removing the anaconda/bin folder from path fixed the issues for me!

Thanks for helping me to find the issue!

Cheers,
Luca

Last edited by lucacerone (2014-08-25 23:50:19)

Arch Linux

#1 2014-08-24 19:54:37

[SOLVED] /etc/pki/tls/certs/ca-bundle.crt not present

#2 2014-08-24 20:03:41

Re: [SOLVED] /etc/pki/tls/certs/ca-bundle.crt not present

#3 2014-08-24 20:22:42

Re: [SOLVED] /etc/pki/tls/certs/ca-bundle.crt not present

#4 2014-08-25 23:48:48

Re: [SOLVED] /etc/pki/tls/certs/ca-bundle.crt not present

Board footer