SSL load_cert_crl_file "system lib" errors
Philip Pemberton
lists at philpem.me.uk
Fri Jan 21 17:04:32 CST 2011
On 21/01/11 22:32, Steve Borho wrote:
>> philpem at cheetah:/var/www/isis$ hg push
>> abort: error: _ssl.c:328: error:0B084002:x509 certificate
>> routines:X509_load_cert_crl_file:system lib
>
> This is OpenSSL's idea of: Unable to parse certificate file.
OK... looks like Mercurial wants DER format certificates (not PEM format).
If I use the system-global CA file (/etc/ssl/certs/ca-certificates.crt),
it works fine.
If I use the certificates from http://curl.haxx.se/docs/caextract.html
(which are linked from the Mercurial wiki at
http://mercurial.selenic.com/wiki/CACertificates) then I get the above
error.
So the solution is to grab StartSSL's key, cat it together with the
system CA bundle, then pass the link to Mercurial. Although it seems
StartSSL's root key is already in Ubuntu's CA bundle, so step #2 isn't
really necessary...
Thanks,
--
Phil.
lists at philpem.me.uk
http://www.philpem.me.uk/
More information about the Mercurial
mailing list