Curl does not find ca-certificates [SOLVED]

Hi,

Seems like curl does not find ca-certificates. I tried to use dyndns and had no luck with it (curl error 77 in logs). Needed to install wget to get things working (along with ca-certificates).

Curl seems to insist on looking at /etc/ssl/ca-certificates.crt, despite it supposedly should support the argument --capath:

root@LEDE:~# curl --capath /etc/ssl/certs/  https://curl.haxx.se/ca/cacert.pem
curl: (77) Error reading ca cert file /etc/ssl/certs/ca-certificates.crt - mbedTLS: (-0x3E00) PK - Read/write of file failed

This happens with any https:// address.

Is this a bug in current curl? If not, dyndns article should be updated (along with LUCI hints).

opkg update; opkg install ca-bundle; opkg upgrade ca-bundle
1 Like

Thank you, vgaetra.

Edited wiki.

If your problem is solved, please consider marking this topic as [Solved]. (Click the pencil behind the topic...)

1 Like

Done, marked as solved!

I'm still a bit dumbfounded, wether curl should work or not without this bundle. Previously, it used to, at least according to Wiki? Also the command line parameters hint it should work by giving a directory to it? But it doesn't.

However, things (whatever I need to do with the router) work for me fine, so I don't really care enough to dig into (curl documentation / whatever) any further. This is just a remark, maybe someone knows better (and can report a bug report upstream if needed).

Only the the most important packages are preinstalled in default firmware to increase compatibility with low memory devices.

I know that, I think we are talking different things here.

I had curl and ca-certificates installed as per Wiki (seems there are two nearly-identical pages which should be merged?). There clearly are certificates in /etc/ssl/certs, LUCI stops giving tips (as if SSL should be working), but it doesn't - neither from command line even if I try to point CURL in the right directory manually with --capath (and the dir clearly is populated by some certs).

Things were concentrated on ca_bundle to eliminate redundancy; should just need the one now.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.