
cURL SSL/https ca-bundle solution.

Discussion in 'General Discussion' started by ispro, Nov 2, 2005.

  1. ispro

    Recently we were faced with one issue which drove us crazy.

    When you have one of the latest cURL versions (7.10+) and try to fetch an https page, you get a certificate error warning and it doesn't fetch it. While you may use some switches, it is not a good idea anyway.

    After reading the docs and manuals for cURL we have prepared a solution which works on RH7.3, RH9, RHEL3 and CentOS and is expected to work on most Linux distros.

    cd /root;
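    rm -f cacert.pem*;
    # fetch cacert.pem from the cURL homepage into /root here (the URL is not given in the post);
    # the cp lines below need that file, so do not run the rm lines without it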
    chattr -i /usr/share/curl/curl-ca-bundle.crt;
    chattr -i /usr/share/ssl/certs/ca-bundle.crt;
    rm -f /usr/share/curl/curl-ca-bundle.crt;
    rm -f /usr/share/ssl/certs/ca-bundle.crt;
    cp -f cacert.pem /usr/share/curl/curl-ca-bundle.crt;
    cp -f cacert.pem /usr/share/ssl/certs/ca-bundle.crt;
    chmod 644 /usr/share/curl/curl-ca-bundle.crt;
    chmod 644 /usr/share/ssl/certs/ca-bundle.crt;
    chown root.root /usr/share/curl/curl-ca-bundle.crt;
    chown root.root /usr/share/ssl/certs/ca-bundle.crt;
    chmod 755 /usr/share;
    chmod 755 /usr/share/ssl;
    chmod 755 /usr/share/ssl/certs;
    chmod 755 /usr/share/curl/;
    This will fetch the updated ca-bundle from the cURL homepage and update your old ones (the one that comes with the openssl package and the one which could be requested by some cURL packages).

    This solves all the issues and keeps the security as well.

    Hope that our research helps those who have the same issues.

    P.S. The stock version of RHEL3 also has the same "issue" due to the old openssl package, so virtually all distros need this "patch" to be applied.

    P.P.S. I will post updated cURL packages for RH7.3 to compile latest php 5.0.4+ as they are hard to find:

    RH7.3 (cURL + libxml):

    For RH9 use the curl and curl-devel from RHEL3 if you have it - they are compatible.
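
An added example, not part of ispro's post: the script above removes both bundles before the replacement has been checked, so a failed or altered download leaves the host with no trust store. The functions below (hypothetical names) check the new file first and swap it in with a rename; the expected SHA-256 is assumed to come from a source you already trust.

```shell
#!/bin/sh
# Added example: validate a downloaded CA bundle, then replace the old one
# atomically. Function names and argument order are assumptions.

# Print the number of PEM certificate blocks; fail on unbalanced markers.
count_pem_certs() {
    [ -r "$1" ] || return 1
    begins=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true)
    ends=$(grep -c -- '-----END CERTIFICATE-----' "$1" || true)
    [ "$begins" -eq "$ends" ] || return 1
    echo "$begins"
}

# install_ca_bundle SRC DEST EXPECTED_SHA256 [MIN_CERTS]
# Returns 1 (missing/empty), 2 (digest mismatch), 3 (bad PEM), 4 (write error).
# DEST is only touched after every check on SRC has passed.
install_ca_bundle() {
    src=$1; dest=$2; want=$3; min_certs=${4:-1}

    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 1; }

    got=$(sha256sum "$src" | cut -d' ' -f1)
    [ "$got" = "$want" ] || { echo "sha256 mismatch for $src" >&2; return 2; }

    n=$(count_pem_certs "$src") || { echo "truncated PEM: $src" >&2; return 3; }
    [ "$n" -ge "$min_certs" ] || { echo "only $n certificates" >&2; return 3; }

    # Stage in the destination directory so the final mv is a rename.
    tmp=$(mktemp "$dest.XXXXXX") || return 4
    cp "$src" "$tmp" && chmod 644 "$tmp" || { rm -f "$tmp"; return 4; }

    # Keep the previous bundle for rollback.
    if [ -f "$dest" ]; then
        cp -p "$dest" "$dest.bak" || { rm -f "$tmp"; return 4; }
    fi
    mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 4; }
}
```

If the existing bundle carries the immutable attribute, as the `chattr -i` lines in the post suggest, clear it before calling `install_ca_bundle`, since the rename will otherwise fail and leave the old file in place.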
