On 12/12/2016 9:25 PM, 杨俊 wrote:
> /tmp # ./curl -v --cacert /tmp/cacert.pem https://curl.haxx.se/
> * Trying 80.67.6.50...
> * TCP_NODELAY set
> * Connected to curl.haxx.se <http://curl.haxx.se> (80.67.6.50) port
> 443 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * Cipher selection:
> ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
> * successfully set certificate verify locations:
> * CAfile: /tmp/cacert.pem
> CApath: none
> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
> * TLSv1.2 (IN), TLS handshake, Server hello (2):
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
> * TLSv1.2 (OUT), TLS alert, Server hello (2):
> * SSL certificate problem: unable to get local issuer certificate
> * Curl_http_done: called premature == 1
> * stopped the pause stream!
> * Closing connection 0
> curl: (60) SSL certificate problem: unable to get local issuer certificate

Maybe that's a really old certificate bundle? Does your system have a
default ca bundle? I tried a bundle from 2015 and it works ok to verify
curl.haxx.se. Get the latest cacert.pem from
https://curl.haxx.se/docs/caextract.html and if it still doesn't work
reply with your curl -V.

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-users
FAQ: https://curl.haxx.se/docs/faq.html
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-12-13