Project

General

Profile

Actions

Bug #12737

open

CApath is not defined by default in curl

Added by Danilo Zrenjanin 4 months ago. Updated 5 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Certificates
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
22.09
Release Notes:
Default
Affected Version:
2.5.2
Affected Architecture:

Description

When executing the curl command from the pfSense, CApath is not defined by default.

[2.5.2-RELEASE][admin@xxxx]/root: curl -v https://sede.mites.gob.es
*   Trying 192.148.211.13:443...
* Connected to sede.mites.gob.es (192.148.211.13) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /usr/local/share/certs/ca-root-nss.crt
*  CApath: none
Actions #1

Updated by Viktor Gurov 4 months ago

This is why curl ignores Trust Store CA (/etc/ssl/certs)

Actions #2

Updated by Jim Pingle 4 months ago

  • Category changed from Unknown to Certificates
  • Target version changed from 2.6.0 to 2.7.0
  • Plus Target Version changed from 22.01 to 22.05
Actions #3

Updated by Marcos Mendoza 11 days ago

For reference, this the cert store can be specified:

curl -vso /dev/null --cacert /etc/ssl/certs/a734448e.0 --connect-timeout 5 https://lanhost.lab.arpa --resolve 'lanhost.lab.arpa:443:172.19.5.100'

Actions #4

Updated by Jim Pingle 5 days ago

  • Plus Target Version changed from 22.05 to 22.09
Actions

Also available in: Atom PDF