James Crake-Merani <james@xxxxxxxxxxxxx> wrote:
> Hello,
>
> After my last update, I noticed a strange issue: I could not do anything that required HTTPS. I could not use curl, update the system etc. I eventually traced the problem back to ca-certificates. I noticed that /etc/ca-certificates/extracted/tls-ca-bundle.pem , which although still existed on the system, was just a completely empty file while on my laptop it was filled with certificates. What I had to do was copy over the missing certificates from my laptop, and then it was working. But what I noticed is that previously I had downgraded some ca-certificates packages (specifically the utils, and mozilla one I think),and when I upgraded the system the certificates were all once again missing, and I had to replace them for a second time.
$ pacman -Qi ca-certificates-utils|grep 'Provides\|Required'
Provides : ca-certificates ca-certificates-java
Required By : ca-certificates-mozilla curl neon
$ pacman -Qo /etc/ca-certificates/extracted
/etc/ca-certificates/extracted/ is owned by ca-certificates-utils 20220905-1
$ pacman -Qo /etc/ca-certificates/extracted/tls-ca-bundle.pem
error: No package owns /etc/ca-certificates/extracted/tls-ca-bundle.pem
$ ls /etc/ca-certificates/extracted/tls-ca-bundle.pem -l
-r--r--r-- 1 root root 220514 Sep 14 14:32 /etc/ca-certificates/extracted/tls-ca-bundle.pem
>
> I am not educated at all on the ca-certificates package. I assume it has something to do with SSL but I know little beyond that. I therefore can't deduce whether this issue is the fault of a bug, or if I have done something wrong. I'd like to know if anyone has experienced this problem as well, or if someone has knowledge that might be of use.
It could be /etc/ca-certificates/extracted/tls-ca-bundle.pem is the output
of some install script. Perhaps you should install the latest
ca-certificates-mozilla, run pacman -Qkk, and see if the issue will return.
I assume you did something wrong, but I didn't delve further into it.
>
> Thanks.
> James Crake-Merani
--
u34
