Hacker News new | past | comments | ask | show | jobs | submit login

cURL doesn't provide a CA bundle any more [1], it's the job of your OS to provide this. As I understand it, all tools that provide SSL support will fail safe if there are no root CAs on your system. [1] http://curl.haxx.se/docs/sslcerts.html



Though, to be fair:

    $ pacman -Qi ca-certificates | grep 'Required By'
    Required By    : ca-certificates-java  curl  glib-networking  neon  qca  qt4
Note that curl is on that list but wget isn't.


Pacman lists ca-certificates as an optional requirement of wget: https://www.archlinux.org/packages/extra/x86_64/wget/

But the point halfasleep is making is important: Don't assume either wget or curl will validate your SSL connection because it may not have been set up by your OS/distribution.


I wasn't that wrong then. ;)


They do still provide a bundle[1] though, for cases where you need it (eg homebrew's curl-ca-bundle package).

  [1]: http://curl.haxx.se/docs/caextract.html




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: