After extensive searching I haven't found documentation of this problem yet.
Suddenly, possibly following a software update(?), cURL fails to establish SSL connections with this error:
curl: (35) error:0200100D:system library:fopen:Permission denied
With strace, I found out that it's trying to open an SSL certificate which is denied:
open("/etc/ssl/certs/3c58f906.0", O_RDONLY|O_LARGEFILE) = -1 EACCES (Permission denied)
This certificate is a symlink which points to AddTrust_External_Root.pem which in turn is a symlink to /usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt. The permissions are such that indeed my user isn't allowed to access it:
ls -l /usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt
-rw-r----- 1 root ssl-cert 1521 2011-09-01 18:48 /usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt
There's probably a reason why this file isn't world-readable, but it's stopping cURL from functioning. Does anybody know the reason, and, more importantly, a safe and secure solution?
Best Answer
There is no reason for this file not to be world readable. It's not anything unique to your system and is included in the default install: http://packages.ubuntu.com/lucid/all/ca-certificates/filelist
Generally I think anything under /usr/share/ may be world readable (since it's under "share").
Now why this file is not world readable on your system is the real question. A bug probably.
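
A check for the condition described in the question, as an added example that is not part of the original question or answer: it walks a certificate directory, follows each symlink chain to its final file, and reports targets that lack the world-read bit. It assumes GNU coreutils (`readlink -f`, `stat -c`), and the function name `find_unreadable_ca_certs` is hypothetical.

```shell
#!/bin/sh
# Added example: list CA certificates in a trust directory whose final
# target file is not world-readable (the cause of the EACCES in the question).
# Assumption: GNU coreutils readlink/stat, as shipped on Ubuntu.

# find_unreadable_ca_certs [DIR]
# Prints "LINK -> TARGET (MODE)" for every entry in DIR whose resolved
# target lacks the "other" read bit.
# Returns 1 if at least one such entry was found, 0 otherwise.
find_unreadable_ca_certs() {
    dir=${1:-/etc/ssl/certs}
    found=0
    for entry in "$dir"/*; do
        # Skip an unmatched glob and dangling symlinks.
        [ -e "$entry" ] || continue
        # Follow the whole chain, e.g. 3c58f906.0 -> *.pem -> *.crt
        target=$(readlink -f -- "$entry") || continue
        [ -f "$target" ] || continue
        # Symbolic mode string, e.g. -rw-r----- ; character 8 is the
        # read bit for "other". Checking the bit (rather than test -r)
        # gives the same answer when the script is run as root.
        mode=$(stat -c '%A' -- "$target")
        case $mode in
            ???????r*) ;;   # world-readable, nothing to report
            *)
                printf '%s -> %s (%s)\n' "$entry" "$target" "$mode"
                found=1
                ;;
        esac
    done
    return "$found"
}
```

Call it as `find_unreadable_ca_certs /etc/ssl/certs`; each line printed names a link that an unprivileged TLS client will fail to open. It checks only the final file's mode bits, not the permissions of the directories along the path.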