Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Error with ca-bundle.crt #32065
I am having an issue similar to #32019
Here is the gist:
I installed Yosemite a long time ago and brew was working just fine, although I did update to the latest version today. More on that later.
So I did a brew update and then upgrade. originally I was getting this error:
curl: (77) SSL: can't load CA certificate file /usr/local/opt/curl-ca-bundle/share/ca-bundle.crt
So I looked at that path and saw that opt/curl-ca-bundle was a link to a Cellar/curl-ca-bundle/1.87 or some such (I deleted the link as you will see so I can;t be sure of version number)
But when I looked in the Cellar directory there was indeed no such directory so perhaps the upgrade deleted this? So I tried brew "install curl-ca-bundle" and it says "formula not found". Strange - where did I get that formula in the first place?
so I did a download manually from the curl site and relinked the opt/curl-ca-bundle/ to where I put it. That's when I get this error:
curl: (51) SSL: certificate verification failed (result: 5)
I followed the thread in 32019 - wget works, brew curl gives same error and I don't have a .curlrc in my home directory. I tried restarting several times - didnt help.
Like I said, I did upgrade to latest Yosemite version today and perhaps that is relevant in that I had reported a bug to Apple that I couldn't turn on my iCloud keychain and this new version fixes that bug so now I have iCloud keychain working again. But I am pretty sure it was working when I first installed Yosemite and brew was behaving. Also what happened to the brew curl-ca-bundle formula that seemed to solve the problem in the past??????????????
I've been doing a bit more research on this topic so am adding some more comments:
When I go directly to the URL in Safari (not using curl) the libpng file downloads perfectly, which means in the Apple keychain there are proper keys. Also I try importing the curl .pem file into the keychain but it won't let me:
$ security add-trusted-cert /usr/local/tmp/curl-ca-bundle/share/cacert.pem
From what I read here
Apple's curl seems to use the info in the keychain. So why is brew pushing curl to look in opt.... instead of just relying on the Apple keychain?
Hopefully this additional info gives you a few more clues.
Ooops. Found the problem. The reference to opt.. was hardcoded into my profile!!!!!
I must have followed some instructions when I originally installed brew that install that curl-ca-bundle formula and had me update my profile - although I don't remember doing this. Anyway, I'm sure I'm not the only one so hopefully this saves someone else the hours I wasted :)
Just for the curious I actually figured out how I got myself into this mess in the first place. I was considering using locomotivecms so decided to install all kinds of ruby stuff and in the course of doing that followed these instructions or something similar:
This was just a couple months ago, so my only remaining conundrum which someone might answer is this:
what happened to the curl-ca-bundle formula and
Just curious if brew update magically deletes stuff :)
In any case anyone who does ruby stuff might run into the above problem.
Well this answers the question when it disappeared. I understand why it was deprecated - it will save future headaches. Since it's not available new installers won't run into this issue.
But anyone who installed it in past following instructions that are "out there" will have problems if they updated their profile or bashrc file with the export.
I still remain curious if it was the brew update that removed it from my Cellar - i.e. is that standard behavior of brew update on deprecated formulas.
referenced this issue
Nov 3, 2014
added a commit
Aug 16, 2015
Same error… OS X 10.11 GM.