SSL certificate for curl disappears after Mountain Lion upgrade

homebrewosx-mountain-lion

I recently upgraded to OS X Mountain Lion, and when I run curl-config --ca I get an empty line. Details about curl:

curl 7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp     smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz

The issue is that I can't run brew update unless I update the certificate because I get the following error:

Initialized empty Git repository in /usr/local/.git/
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://github.com/mxcl/homebrew.git/info/refs
fatal: HTTP request failed
Error: Failure while executing: git fetch origin

The homebrew help forums say I need to update the certificate. However, unless I can find where curl is storing the certificate, I can't update it.

EDIT: The solution presented by HeatfanJohn below:

I just noticed that there is a Macport for curl-ca-bundle. Sorry for the possibly simple question, but did you install curl or did it come preinstalled? You might want to consider installing MacPorts and then installing curl-ca-bundle using MacPorts, although looking quickly at the Portfile this MacPort appears to just put the bundle into /usr/share which you can also do manually.

The command to install from MacPorts is port install curl. Installing from MacPorts resolves the issue.

Best Answer

I mostly run curl on Winodws, but from the curl documentation the following should work:

If you're using the curl command line tool, you can specify your own CA cert path by setting the environment variable CURL_CA_BUNDLE to the path of your choice.

Then download the lastest .pem file from http://curl.haxx.se/ca/cacert.pem placing the .pem in the directory path that you specify in the CURL_CA_BUNDLE environment variable. The documentation is a little vague as to whether the environment variable points to the file or directory. I would try pointing it to the file.

On Windows, curl looks for the .pem file as file curl-ca-bundle.crt in the same directory where the curl executable lives. That may also work. I have an old MAC at home. I will test this later tonight.

curl-config --ca returns /usr/share/curl/curl-ca-bundle.crt for me.

I just noticed that there is a Macport for curl-ca-bundle. Sorry for the possibly simple question, but did you install curl or did it come preinstalled? You might want to consider installing MacPorts and then installing curl-ca-bundle using MacPorts, although looking quickly at the Portfile this MacPort appears to just put the bundle into /usr/share which you can also do manually.

I installed curl from Macports and now I have version 7.27.0 installed and it is configured to use the latest curl-ca-bundle.crt file. See below:

sams-mac:~ sam$ curl --version
curl 7.27.0 (powerpc-apple-darwin8.11.0) libcurl/7.27.0 OpenSSL/1.0.1c zlib/1.2.7 libidn/1.25
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp 
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP

sams-mac:~ sam$ curl-config --ca
/opt/local/share/curl/curl-ca-bundle.crt

sams-mac:~ sam$ ls -l /opt/local/bin/curl*
-rwxr-xr-x   1 root  admin  147012 Aug  3 11:00 /opt/local/bin/curl
-rwxr-xr-x   1 root  admin    4988 Aug  3 11:00 /opt/local/bin/curl-config
sams-mac:~ sam$
Related Topic