OK, first the environment variable ... this does not work!
export CURL_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt
set
<deleted>
CURL_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt
<deleted>
bzr launchpad-login gene-czarc
bzr: ERROR: pycurl.error: (60, 'Peer certificate cannot be authenticated with known CA certificates')
so much for that??
-------------------------------------------------------------------------------------------------
I have done a bunch of tests which are pointing me to curl/libcurl: https://bugzilla.redhat.com/show_bug.cgi?id=454151
environment: x86_64, Fedora 9 with updates ~ 7/4/08.
----------------------------------------------------
Here are the last tests I ran:
First, I installed "curl" to have a nice command line
interface.
2. run: curl --cacert /etc/pki/tls/certs/ca-bundle.crt https://launchpad.net
or run: curl https://launchpad.net
both results: curl: (60) Peer certificate cannot be authenticated ...
-----------------------------------------------------
get new cacert.pem from http://curl.haxx.se/docs/caextract.html
[curl website] ... I was assuming that a cert was missing
-----------------------------------------------------
3. run: curl --cacert ./cacert https://www.redhat.com
result: html
4. run: curl --cacert ./cacert https://launchpad.net
result: html ... looking good!
-----------------------------------------------------
This proves something but I am not sure what because if I copy the new
cacert.pem into /etc/pki/tls/certs/ and try to use it from there, redhat works
but launchpad does not.
OK, one more test: copy /etc/pki/tls/certs/ca-bundle.crt to ./ [this is openssl's]
Well, to me this proves that the correct cert is installed in Fedora 9's bundle.
-------------------------------------------------------
I have not looked into the libcurl code itself.
However, from the curl.spec in the src.rpm, the configuration looks good:
--with-ca-bundle=%{_sysconfdir}/pki/tls/certs/ca-bundle.crt
OK, first the environment variable ... this does not work!
export CURL_CA_ BUNDLE= /etc/pki/ tls/certs/ ca-bundle. crt BUNDLE= /etc/pki/ tls/certs/ ca-bundle. crt
set
<deleted>
CURL_CA_
<deleted>
bzr launchpad-login gene-czarc
bzr: ERROR: pycurl.error: (60, 'Peer certificate cannot be authenticated with known CA certificates')
so much for that?? ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------ /bugzilla. redhat. com/show_ bug.cgi? id=454151
-------
I have done a bunch of tests which are pointing me to curl/libcurl:
https:/
environment: x86_64, Fedora 9 with updates ~ 7/4/08. ------- ------- ------- ------- ------- ------- ---
-------
Here are the last tests I ran:
First, I installed "curl" to have a nice command line
interface.
1. run: curl --cacert /etc/pki/ tls/certs/ ca-bundle. crt https:/ /www.redhat. com /www.redhat. com
or run: curl https:/
both results: html
2. run: curl --cacert /etc/pki/ tls/certs/ ca-bundle. crt https:/ /launchpad. net /launchpad. net ------- ------- ------- ------- ------- ------- ---- curl.haxx. se/docs/ caextract. html ------- ------- ------- ------- ------- ------- ---- /www.redhat. com
or run: curl https:/
both results: curl: (60) Peer certificate cannot be authenticated ...
-------
get new cacert.pem from http://
[curl website] ... I was assuming that a cert was missing
-------
3. run: curl --cacert ./cacert https:/
result: html
4. run: curl --cacert ./cacert https:/ /launchpad. net ------- ------- ------- ------- ------- ------- ----
result: html ... looking good!
-------
This proves something but I am not sure what because if I copy the new
cacert.pem into /etc/pki/tls/certs/ and try to use it from there, redhat works
but launchpad does not.
OK, one more test: copy /etc/pki/ tls/certs/ ca-bundle. crt to ./ [this is openssl's]
run curl --cacert ./ca-bundle.crt https:/ /launchpad. net
result: html
Well, to me this proves that the correct cert is installed in Fedora 9's bundle. ------- ------- ------- ------- ------- ------- ------
-------
I have not looked into the libcurl code itself.
However, from the curl.spec in the src.rpm, the configuration looks good: ca-bundle= %{_sysconfdir} /pki/tls/ certs/ca- bundle. crt
--with-
but the there is this:
run: curl-config --ca ------- ------- ------- ------- ------- ------- -------
result: @CURL_CA_BUNDLE@
-------
Any suggestions/test will be appreciated.