Mysterious cURL SSL Error Mac OSX and XAMPP

And how to fix it…

Just got a fresh install from work. I open things up and try to install homebrew. I get the following error:

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). The default
 bundle is named curl-ca-bundle.crt; you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

So, the first thing I try to do is update my certs with safari. Basically, there’s a trick where you can visit a secure url in safari and if the cert is not added/trusted yet, safari will handle everything for you. Just visit the url, trust the cert in safari and it will take care of adding it to your certificates, root CA and all. Super simple, rather than copying and manually installing with http://curl.haxx.se/ca/cacert.pem

When I visit the page, safari acts like everthing is ok. This got me wondering…what’s in my $PATH?

echo $PATH

I see that I have “:/XAMPP/xamppfiles/bin:” which might not be what I want. Then where am I executing curl from?

which curl

There it is! My system is executing curl from within the XAMPP installation, which ships with an outdated set of ssl certs. So where is this being added to the path?

pico ~/.bash_profile

I had added a line “export $PATH:/XAMPP/xamppfiles/bin” for some reason. I removed it, restart terminal and run “which curl” again to see that now my system goes to the right place for curl (/usr/bin/curl).

 

Leave a Reply

Your email address will not be published. Required fields are marked *