This repository has been archived by the owner. It is now read-only.

Error with ca-bundle.crt #32065

Closed
ghost opened this Issue Sep 3, 2014 · 9 comments

ghost commented Sep 3, 2014

I am having an issue similar to #32019

Here is the gist:

https://gist.github.com/atrauring/ad5bdb857ce741673f08

I installed Yosemite a long time ago and brew was working just fine, although I did update to the latest version today. More on that later.

So I did a brew update and then upgrade. Originally I was getting this error:

curl: (77) SSL: can't load CA certificate file /usr/local/opt/curl-ca-bundle/share/ca-bundle.crt

So I looked at that path and saw that opt/curl-ca-bundle was a link to a Cellar/curl-ca-bundle/1.87 or some such (I deleted the link as you will see so I can't be sure of version number).

But when I looked in the Cellar directory there was indeed no such directory so perhaps the upgrade deleted this? So I tried brew "install curl-ca-bundle" and it says "formula not found". Strange - where did I get that formula in the first place?

So I did a download manually from the curl site and relinked the opt/curl-ca-bundle/ to where I put it. That's when I get this error:

curl: (51) SSL: certificate verification failed (result: 5)

I followed the thread in 32019 - wget works, brew curl gives same error and I don't have a .curlrc in my home directory. I tried restarting several times - didn't help.

Like I said, I did upgrade to latest Yosemite version today and perhaps that is relevant in that I had reported a bug to Apple that I couldn't turn on my iCloud keychain and this new version fixes that bug so now I have iCloud keychain working again. But I am pretty sure it was working when I first installed Yosemite and brew was behaving. Also what happened to the brew curl-ca-bundle formula that seemed to solve the problem in the past??????????????

I've been doing a bit more research on this topic so am adding some more comments:

When I go directly to the URL in Safari (not using curl) the libpng file downloads perfectly, which means in the Apple keychain there are proper keys. Also I try importing the curl .pem file into the keychain but it won't let me:

$ security add-trusted-cert /usr/local/tmp/curl-ca-bundle/share/cacert.pem
SecTrustSettingsSetTrustSettings: Unknown format in import.

From what I read here

http://curl.haxx.se/mail/archive-2013-10/0036.html

Apple's curl seems to use the info in the keychain. So why is brew pushing curl to look in opt.... instead of just relying on the Apple keychain?

Hopefully this additional info gives you a few more clues.

ghost commented Sep 3, 2014

Oops. Found the problem. The reference to opt.. was hardcoded into my profile!!!!!

export SSL_CERT_FILE=/usr/local/opt/curl-ca-bundle/share/ca-bundle.crt

I must have followed some instructions when I originally installed brew that installed that curl-ca-bundle formula and had me update my profile - although I don't remember doing this. Anyway, I'm sure I'm not the only one so hopefully this saves someone else the hours I wasted :)

@ghost ghost closed this Sep 3, 2014
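
The stale export found in the comment above can be located mechanically. As an added example (not code from the thread or from Homebrew), this POSIX shell script scans profile files for `SSL_CERT_FILE` assignments whose target is not a readable file. The function names, the files passed as arguments and the extra `CURL_CA_BUNDLE` check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): list CA-bundle variables that a shell
# profile sets to a path that is not a readable file. SSL_CERT_FILE is the
# thread's variable; CURL_CA_BUNDLE (curl's own) is an added generalization.
CA_VARS='SSL_CERT_FILE|CURL_CA_BUNDLE'

# scan_profile FILE: print "FILE:LINE:VAR=PATH" for each stale assignment.
scan_profile() {
  [ -r "$1" ] || return 0
  grep -nE "^[[:space:]]*(export[[:space:]]+)?($CA_VARS)=" "$1" |
    sed -E 's/^([0-9]+):[[:space:]]*(export[[:space:]]+)?([A-Z_]+)=(.*)$/\1 \3 \4/' |
    while read -r lineno var path; do
      # Strip one pair of surrounding quotes, then expand a leading ~/ or $HOME/.
      case $path in
        \"*\" | \'*\') path=${path#?}; path=${path%?} ;;
      esac
      case $path in
        '~/'*)     path=$HOME/${path#??} ;;
        '$HOME/'*) path=$HOME/${path#??????} ;;
      esac
      if [ ! -f "$path" ] || [ ! -r "$path" ]; then
        printf '%s:%s:%s=%s\n' "$1" "$lineno" "$var" "$path"
      fi
    done
}

# find_stale_ca_exports FILE...: print every stale assignment in the given
# files; return 1 if at least one was found, 0 if all targets are readable.
find_stale_ca_exports() {
  stale=$(for f in "$@"; do scan_profile "$f"; done)
  [ -n "$stale" ] || return 0
  printf '%s\n' "$stale"
  return 1
}

# Constructed sample: a profile carrying the export line quoted in the thread
# plus one assignment that points at a file that does exist.
demo() {
  tmp=$(mktemp -d) || return 1
  : > "$tmp/cacert.pem"
  printf '%s\n' \
    'export SSL_CERT_FILE=/usr/local/opt/curl-ca-bundle/share/ca-bundle.crt' \
    "export CURL_CA_BUNDLE=\"$tmp/cacert.pem\"" > "$tmp/profile"
  find_stale_ca_exports "$tmp/profile"; status=$?
  rm -rf "$tmp"; return "$status"
}
# With file arguments, scan those files; with none, run the constructed demo.
if [ "$#" -gt 0 ]; then find_stale_ca_exports "$@"; else demo || true; fi
```

Pass it the profile files in use, for example `~/.profile ~/.bash_profile ~/.bashrc ~/.zshrc`; a non-zero exit status means at least one assignment points at a missing bundle.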

cvitan commented Sep 3, 2014

@atrauring thank you, I have tried to solve this for 2 days now - had the same thing.

ghost commented Sep 3, 2014

Just for the curious I actually figured out how I got myself into this mess in the first place. I was considering using locomotivecms so decided to install all kinds of ruby stuff and in the course of doing that followed these instructions or something similar:

http://www.bencurtis.com/2013/08/installing-ruby-2-dot-0/

This was just a couple months ago, so my only remaining conundrum which someone might answer is this:

what happened to the curl-ca-bundle formula and
when did it disappear and
is the reason it disappeared from my computer because I did a brew update

Just curious if brew update magically deletes stuff :)

In any case anyone who does ruby stuff might run into the above problem.

Contributor

bosr commented Sep 4, 2014

Hi, curl-ca-bundle was removed intentionally from Homebrew in April 2014: ab926db

ghost commented Sep 4, 2014

Well this answers the question when it disappeared. I understand why it was deprecated - it will save future headaches. Since it's not available new installers won't run into this issue.

But anyone who installed it in the past following instructions that are "out there" will have problems if they updated their profile or bashrc file with the export.

I still remain curious if it was the brew update that removed it from my Cellar - i.e. is that standard behavior of brew update on deprecated formulas.

Contributor

jacknagel commented Sep 4, 2014

brew update does not uninstall things, no.

Contributor

ksol commented Nov 14, 2014

Thanks, @atrauring, that was my issue. I blindly copied files from my old mac to my new one...

dcmoore commented Dec 29, 2014

I did the same thing. Thanks for posting this, guys!

bbasata added a commit to bbasata/dotfiles that referenced this issue Aug 16, 2015

marv3lls commented Sep 10, 2015

Same error… OS X 10.11 GM.
brew upgrade --verbose youtube-dl 1 ↵
Warning: You are using OS X 10.11.
We do not provide support for this pre-release version.
You may encounter build failures or other breakage.
==> Upgrading 1 outdated package, with result:
youtube-dl 2015.09.09
==> Upgrading youtube-dl
rm /usr/local/bin/youtube-dl
rm /usr/local/etc/bash_completion.d/youtube-dl.bash-completion
rm /usr/local/share/fish/vendor_completions.d/youtube-dl.fish
rm /usr/local/share/man/man1/youtube-dl.1
rm /usr/local/share/zsh/site-functions/_youtube-dl
rmdir /usr/local/share/fish/vendor_completions.d
rmdir /usr/local/share/fish
==> Downloading https://yt-dl.org/downloads/2015.09.09/youtube-dl-2015.09.09.tar.gz
/usr/bin/curl -fLA Homebrew 0.9.5 (Ruby 2.0.0-645; OS X 10.11) https://yt-dl.org/downloads/2015.09.09/youtube-dl-2015.09.09.tar.gz -C 0 -o /Library/Caches/Homebrew/youtube-dl-2015.09.09.tar.gz.incomplete
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (77) SSL: can't load CA certificate file /usr/share/curl/ca-bundle.crt
Error: Failed to download resource "youtube-dl"
Download failed: https://yt-dl.org/downloads/2015.09.09/youtube-dl-2015.09.09.tar.gz
ln -s ../../Cellar/youtube-dl/2015.09.03/etc/bash_completion.d/youtube-dl.bash-completion youtube-dl.bash-completion
ln -s ../Cellar/youtube-dl/2015.09.03/bin/youtube-dl youtube-dl
ln -s ../../../Cellar/youtube-dl/2015.09.03/share/fish/vendor_completions.d/youtube-dl.fish youtube-dl.fish
ln -s ../../../Cellar/youtube-dl/2015.09.03/share/man/man1/youtube-dl.1 youtube-dl.1
ln -s ../../../Cellar/youtube-dl/2015.09.03/share/zsh/site-functions/_youtube-dl _youtube-dl

@Homebrew Homebrew locked and limited conversation to collaborators Feb 17, 2016

This issue was closed.
