SSL load_cert_crl_file "system lib" errors

Philip Pemberton lists at
Fri Jan 21 17:04:32 CST 2011

On 21/01/11 22:32, Steve Borho wrote:
 >> philpem at cheetah:/var/www/isis$ hg push
 >> abort: error: _ssl.c:328: error:0B084002:x509 certificate
 >> routines:X509_load_cert_crl_file:system lib
 > This is OpenSSL's idea of:  Unable to parse certificate file.

OK... looks like Mercurial wants DER format certificates (not PEM format).

If I use the system-global CA file (/etc/ssl/certs/ca-certificates.crt), 
it works fine.

If I use the certificates from 
(which are linked from the Mercurial wiki at then I get the above 

So the solution is to grab StartSSL's key, cat it together with the 
system CA bundle, then pass the link to Mercurial. Although it seems 
StartSSL's root key is already in Ubuntu's CA bundle, so step #2 isn't 
really necessary...

lists at

More information about the Mercurial mailing list