New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL Certificate verification issue #327
Comments
+1 |
I was with this same issue, and turns out my problem was Anaconda (python library) which installed an older version of curl, and messed up my path. Just removed, and all is fine again. |
cool, can I close this? |
I am attempting to install grails on OS X using gvm. I am getting the exact same error. I've updated everything with mac port, and my version of curl is 7.42.1. I have not installed anything python related. |
I Have same problem. using curl 7.42.1 Any help? I just ran this in console and It worked! |
I can't replicate this issue on Linux but after some digging found this article on the curl website. It seems as though your version of curl might not be picking up your CA cert bundle: From the docs it seems like this can be corrected by exporting a CURLOPT_CAPATH environment variable pointing to the path of the CA cert bundle. The alternative would be to use the -k (insecure) flag from within gvm, but that feels very wrong. Could you try out the environment variable to see if that works? |
the workaround is you can curl the file ignoring CA certificate validation change the below file
Search for curl and replace that line with
Note: adding '-k' option on CURL will ignore Certif. |
This is not a good workaround, as stated in my previous comment. It's insecure! Please read carefully what I wrote. Try pointing to a valid cert store using the environment variable and give me an update. |
i tried the below options, it is not working Executed like please suggest me if im wrong. |
Just wanted to add to the choir of voices currently experiencing this issue. |
@JGarrido would you mind helping out to try resolving this issue? I'm on Linux and can't replicate it. |
in my case, I'm using the curl from macports vs the OSX builtin one. upgrading curl-ca-bundle and curl to 7.43 fix the issue. it appears that amazon s3 is using a new signer CERT, and the latest bundle has it. |
Okay, but for those still facing this issue, we now have a config that can be set to run curl in insecure mode. This can be achieved by setting It will allow curl to ignore the CA certs bundle when it can't find it. This setting should only be used as a last resort! |
Upgrading curl to 7.43.0 resolved this for me. I'm using MacPorts. sudo port selfupdate
sudo port upgrade outdated |
with SDKMAN:
|
Yes, it's a simple port of the old config. |
+1 to @yuki-takei |
it worked @yuki-takei thanks |
If you're using WSL on Windows, one possible cause (and solution) is here: Some corporate firewalls add root certificates that do not get added to the Linux distribution used in WSL. (Usually Ubuntu.) You may need to install one manually. |
i use GIT Bash to install GVM, below is the error popping up when ever i attempt to install any candidate Note: i use mcAfee AV, i tried even after firewall disable.
Ramkumar@ACERAM:~> gvm install grails
Downloading: grails 3.0.1
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 392 0 0 191 0 --:--:-- 0:00:02 --:--:-- 291
0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
End-of-central-directory signature not found. Either this file is not
a zipfile, or it constitutes one disk of a multi-part archive. In the
latter case the central directory and zipfile comment will be found on
the last disk(s) of this archive.
unzip: cannot find zipfile directory in d:/Users/Ramkumar/.gvm/archives/grails-3.0.1.zip,
and cannot find d:/Users/Ramkumar/.gvm/archives/grails-3.0.1.zip.zip, period.
Stop! The archive was corrupt and has been removed! Please try installing again.
The text was updated successfully, but these errors were encountered: