jcftang
commented
7 years ago I did at some point I did this, maybe it should be generalised? -- https://github.com/hashdist/hashstack/tree/master/pkgs/ca-bundle
Closed vbraun closed 7 years ago
jcftang
commented
7 years ago I did at some point I did this, maybe it should be generalised? -- https://github.com/hashdist/hashstack/tree/master/pkgs/ca-bundle
We don't include root certificates and openssl doesn't pick up the system-installed ones. Diagnostic is
instead of
A workaround is to set
SSL_CERT_FILE=/etc/pki/tls/cert.pem(on fedora). The right fix is probably to configureopenssl.cnfproperly.The question is how; The root certs are in an os-specific place on Linux, and on OSX its even worse (afaik there is no .pem format). The easiest solution would be to include our own certs, afaik thats what homebrew does (available at https://curl.haxx.se/docs/caextract.html)