curl で https にアクセスしたらSSLの検証がエラーになった
takuya@letsnote:~$ curl https://github.com/gyazo/Gyazo.git curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
調べてみたら
http://www.goodpic.com/mt/archives2/2011/02/github_clonessl.html:tite
どうやらCurlがSSLでエラーになると事が原因らしい。GitもWgetもCurlも同じ理由で落ちているらしい。とりあえずCurlのエラーに対応する。
エラーの内容の指定されたURLをたたくと
These days, the curl archives include no ca certs at
cURL - SSL CA Certificates
all. You need to get them elsewhere. See below for example.
最近のcurlはCAのCERTをバンドルしてないのでOS標準で用意されてるモノか、自分で用意しろってことです。
詳しく読むと
PATHが通っているところにcurl-ca-bundle.crtを置けばいいとのこと
4. If you're using the curl command line tool, you can specify your own CA
cURL - SSL CA Certificates
cert path by setting the environment variable CURL_CA_BUNDLE to the path
of your choice.
If you're using the curl command line tool on Windows, curl will search
for a CA cert file named "curl-ca-bundle.crt" in these directories and in
this order:
1. application's directory
2. current working directory
3. Windows System directory (e.g. C:\windows\system32)
4. Windows Directory (e.g. C:\windows)
5. all directories along %PATH%
つまりFirefoxから証明書を取り出せばいいとのこと
bagder/curl · GitHubを使ってFirefoxからルート証明書一式を取り出して使えばいいと分かった。
