curl ssl error

Hi Fellers
If I run curl -I command as user, this error shown:


$ curl -I https://dongip.ir


curl: (77) error setting certificate verify locations: 
  CAfile: /etc/ssl/certs/ca-certificates.cr 
  CApath: /etc/ssl/certs/

But I can ran as sudo without problem!!

Can help me to solve this issue?

Hi
I moved this post to applications, can you advise the openSUSE release your using and the version of curl.


zypper se -si curl


$ uname -a
Linux office-pc 5.3.18-lp152.57-preempt #1 SMP PREEMPT Fri Dec 4 07:27:58 UTC 2020 (7be5551) x86_64 x86_64 x86_64 GNU/Linux

[FONT=monospace]
$ zse -si curl

[FONT=monospace]S  | Name           | Type    | Version             | Arch   | Repository 
---+----------------+---------+---------------------+--------+----------------------- 
i  | curl           | package | 7.66.0-lp152.3.12.1 | x86_64 | Main Update Repository 
i+ | libcurl-devel  | package | 7.66.0-lp152.3.12.1 | x86_64 | Main Update Repository 
i  | libcurl4       | package | 7.66.0-lp152.3.12.1 | x86_64 | Main Update Repository 
i  | python3-pycurl | package | 7.43.0.2-lp152.2.9  | x86_64 | Main Repository

[/FONT][/FONT]

openSUSE Leap 15.2


**➜  ****~** zse -si curl 
Loading repository data... 
Reading installed packages... 

S  | Name           | Type    | Version             | Arch   | Repository 
---+----------------+---------+---------------------+--------+----------------------- 
i+ | curl           | package | 7.66.0-lp152.3.12.1 | x86_64 | Main Update Repository 
i+ | libcurl-devel  | package | 7.66.0-lp152.3.12.1 | x86_64 | Main Update Repository 
i+ | libcurl4       | package | 7.66.0-lp152.3.12.1 | x86_64 | Main Update Repository 
i  | python3-pycurl | package | 7.43.0.2-lp152.2.9  | x86_64 | Main Repository


**➜  ****~** uname -a 
Linux 5.3.18-lp152.57-default x86_64 GNU/Linux


Hi
So if you create a test user and login as that test user does your command work?

Here, I see;


os152:~> curl -I https://dongip.ir
HTTP/2 301 
content-type: text/html
date: Thu, 07 Jan 2021 15:46:25 GMT
location: https://www.dongip.ir/
server: ArvanCloud
x-xss-protection: 1; mode=block
ar-poweredby: Arvan Cloud (arvancloud.com)
ar-atime: 0.001
ar-request-id: 4f2e62c063995b890f057aa1784d8534
ar-sid: 5570

Yes, test user can run command.


[FONT=monospace]test@localhost:/home> curl -I https://dongip.ir     
HTTP/2 301  
**content-type**: text/html 
**date**: Thu, 07 Jan 2021 18:13:20 GMT 
**location**: https://www.dongip.ir/ 
**server**: ArvanCloud 
**x-xss-protection**: 1; mode=block 
**ar-poweredby**: Arvan Cloud (arvancloud.com) 
**ar-atime**: 0.000 
**ar-request-id**: d93c2727b24a4a896474480683856e3d 
**ar-sid**: 2043
[/FONT]

Hi
So as you can’t run as your normal user, add some verbosity to the output from your test user, then as normal user run the same command and compare…


curl -v -I https://dongip.ir

Normal user:


**➜  ****~** curl -v -I https://dongip.ir 
*   Trying 185.143.234.5:443... 
* TCP_NODELAY set 
* Connected to dongip.ir (185.143.234.5) port 443 (#0) 
* ALPN, offering h2 
* ALPN, offering http/1.1 
* error setting certificate verify locations: 
  CAfile: /etc/ssl/certs/ca-certificates.cr 
  CApath: /etc/ssl/certs/ 
* Closing connection 0 
curl: (77) error setting certificate verify locations: 
  CAfile: /etc/ssl/certs/ca-certificates.cr 
  CApath: /etc/ssl/certs/

test user:


test@localhost:/home> curl -v -I https://dongip.ir 
*   Trying 185.143.234.5:443... 
* TCP_NODELAY set 
* Connected to dongip.ir (185.143.234.5) port 443 (#0) 
* ALPN, offering h2 
* ALPN, offering http/1.1 
* TLSv1.3 (OUT), TLS handshake, Client hello (1): 
* TLSv1.3 (IN), TLS handshake, Server hello (2): 
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): 
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
.
.
.

You need to find where this comes from (path is wrong, it should have been /etc/ssl/certs/ca-certificates.crt. Do you have ~/.curlrc file and what is its content? What is output of “env | grep CURL”?

That’s the problem root.
I removed the .curlrc file, the problem is solved.

Hi
A result of not using su - but su and running commands in your user $HOME I suspect…