SSL:'unable to get local issuer certificate'
SSL: 'unable to get local issuer certificate'
我正在使用 OSX: 10.12.4
我最初可以毫无问题地使用 git、homebrew 和 curl。我不记得我做了什么导致它,但突然间这些 SSL 错误开始出现在我的 git 命令中。
我在 运行 任何 git 命令上收到 unable to get local issuer certificate 错误。此外,尝试使用 brew install git.
重新安装 git 时出现错误
brew 输出的相关部分:
Downloading https://www.kernel.org/pub/software/scm/git/git-2.12.2.tar.xz
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
我试过了:
- 正在重启
- 将 ~/Library/Keychains 文件夹移动到 ~/Desktop,然后重新启动
- 在 Safari 上导航到 https://www.kernel.org/pub/software/scm/git,并且
viewing the certificate。根据 [这些说明](不能 post 超过 2 个链接,抱歉),"Always trust" 站点应该有一个复选框。我没有看到这个复选框。
- 我本来打算尝试钥匙串急救,但是,这个功能在最近的 Mac OS.
中被删除了
- 我尝试浏览了许多其他类似的问题,但是,对于许多问题,我无法理解或遵循答案中的说明。
例如,也许 squid808 对类似问题的 answer 可以帮助我。他说 "Instead, it is the Root CA Cert from our domain that I should have been exporting and telling Git to trust." 我不太了解这意味着什么,或者它是否与我相关,或者我将如何去做这件事。根据我的研究,这似乎更适合 运行 服务器。好像也是windows,我在Mac.
我知道,作为 临时 修复,除了 curl 中的 -k 选项外,我还可以使用 git config --global http.sslVerify false。这些变通办法是不安全的,所以我想尽快 运行 恢复我的 SSL 安全。
curl -L https://homebrew.bintray.com/bottles/libpng-1.6.29.sierra.bottle.tar.gz | bash -s stable 的输出(同样失败的 brew 尝试的一部分)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
抱歉
- 如果我为解决此问题所做的以下尝试看起来分散且杂乱无章,那是因为我很困惑这是否是与 git、curl 或两者都不相关而只是 SSL 证书更相关的问题一般来说。请让我知道是否应该修复此问题的标签。
- 我本可以 posted 更相关的链接和图片,但我受限于声誉。
我还有另一个帐户无法保持良好的声誉。我正在尝试识别并修复我之前做错的所有事情。非常感谢任何关于我如何提高这个问题质量的反馈。谢谢。
这与 Homebrew/brew issue 1625, and documented by Eduard Rozenberg (edrozenberg) 中的报道相似:
Similar-sounding problems also reported by John Siracusa of ATP Podcast on the Dec 7 podcast.
Most likely trigger for the problem: enabling iCloud Keychain in iCloud settings
One or more observable symptoms when issue is happening:
- A pop-up MacOS message that keychain has to be repaired/reset
- When looking at Keychain Access tool, keychains appear to be empty and set to Read-Only mode
- When looking at Keychain Access tool, keychain icons on sidebar are missing (dotted borders)
- Trying to navigate to https://google.com in Google Chrome fails with an SSL CERT error
Running brew search pip for example, shows the curl (35) certificate error message
The problem can be temporarily resolved by logging out and back in, and/or rebooting. After it is resolved, the Keychain Access tool will show all the keychains and their contents as it should. The problem is likely to recur at a later time.
Hoping (fingers X) that a Mac OS patch (maybe 10.12.2?) will resolve the root cause.
Otherwise one idea is to disable the iCloud Keychain option in iCloud prefs (have not yet tried).
自从你在 Mac Sierra 10.12.4 中...我怀疑还没有补丁解决这个问题。
这个other issue mentions (by jamver):
I encountered this issue specifically after updating to macOS Sierra (10.12), with resolution coming from the workaround from this legacy-homebrew ticket:
cd ~
sudo wget http://curl.haxx.se/ca/cacert.pem
export CURL_CA_BUNDLE=~/cacert.pem
FWIW, this solved most, but not all issues. The others I resolved by manually downloading the packages using wget and placing them in the Homebrew Cache Dir.
I'd be interested to know the correct fix. e.g. Update system ca bundle? Apple patch required for system bundle?
我需要 运行 brew doctor 并解决一个问题。然后我需要重新启动我的 shell。最后,在这两个步骤之后, brew install 再次运行。
不幸的是,我无法确定哪个警告指向肇事者。当我第一次 运行 brew doctor 时,可能有大约 10 个警告。在我意识到我需要重新启动我的 shell 之前,我清除了很多它们,并且在重新启动之后它起作用了。
我想我找到了问题的根源:
Warning: Setting DYLD_* vars can break dynamic linking.
Set variables:
DYLD_LIBRARY_PATH: /Applications/MATLAB/MATLAB_Runtime/v92/runtime/maci64:/Applications/MATLAB/MATLAB_Runtime/v92/sys/os/maci64:/Applications/MATLAB/MATLAB_Runtime/v92/bin/maci64
注释掉行
set -x DYLD_LIBRARY_PATH /Applications/MATLAB/MATLAB_Runtime/v92/runtime/maci64:/Applications/MATLAB/MATLAB_Runtime/v92/sys/os/maci64:/Applications/MATLAB/MATLAB_Runtime/v92/bin/maci64
in ~/.config/fish/config.fish 然后重新启动我的 shell 到目前为止似乎解决了我的问题。
感谢@VonC 提到导致我尝试 brew doctor 的问题。
我今晚遇到了这个问题,将时钟的时区修复为“自动”或本地时区。
我在法国收到客户的笔记本电脑,时区设置为加拿大的另一个地方。
更改它,重新启动然后一切正常。
我正在使用 OSX: 10.12.4
我最初可以毫无问题地使用 git、homebrew 和 curl。我不记得我做了什么导致它,但突然间这些 SSL 错误开始出现在我的 git 命令中。
我在 运行 任何 git 命令上收到 unable to get local issuer certificate 错误。此外,尝试使用 brew install git.
brew 输出的相关部分:
Downloading https://www.kernel.org/pub/software/scm/git/git-2.12.2.tar.xz
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
我试过了:
- 正在重启
- 将 ~/Library/Keychains 文件夹移动到 ~/Desktop,然后重新启动
- 在 Safari 上导航到 https://www.kernel.org/pub/software/scm/git,并且 viewing the certificate。根据 [这些说明](不能 post 超过 2 个链接,抱歉),"Always trust" 站点应该有一个复选框。我没有看到这个复选框。
- 我本来打算尝试钥匙串急救,但是,这个功能在最近的 Mac OS. 中被删除了
- 我尝试浏览了许多其他类似的问题,但是,对于许多问题,我无法理解或遵循答案中的说明。
例如,也许 squid808 对类似问题的 answer 可以帮助我。他说 "Instead, it is the Root CA Cert from our domain that I should have been exporting and telling Git to trust." 我不太了解这意味着什么,或者它是否与我相关,或者我将如何去做这件事。根据我的研究,这似乎更适合 运行 服务器。好像也是windows,我在Mac.
我知道,作为 临时 修复,除了 curl 中的 -k 选项外,我还可以使用 git config --global http.sslVerify false。这些变通办法是不安全的,所以我想尽快 运行 恢复我的 SSL 安全。
curl -L https://homebrew.bintray.com/bottles/libpng-1.6.29.sierra.bottle.tar.gz | bash -s stable 的输出(同样失败的 brew 尝试的一部分)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
抱歉
- 如果我为解决此问题所做的以下尝试看起来分散且杂乱无章,那是因为我很困惑这是否是与 git、curl 或两者都不相关而只是 SSL 证书更相关的问题一般来说。请让我知道是否应该修复此问题的标签。
- 我本可以 posted 更相关的链接和图片,但我受限于声誉。
我还有另一个帐户无法保持良好的声誉。我正在尝试识别并修复我之前做错的所有事情。非常感谢任何关于我如何提高这个问题质量的反馈。谢谢。
这与 Homebrew/brew issue 1625, and documented by Eduard Rozenberg (edrozenberg) 中的报道相似:
Similar-sounding problems also reported by John Siracusa of ATP Podcast on the Dec 7 podcast.
Most likely trigger for the problem: enabling iCloud Keychain in iCloud settings
One or more observable symptoms when issue is happening:
- A pop-up MacOS message that keychain has to be repaired/reset
- When looking at Keychain Access tool, keychains appear to be empty and set to Read-Only mode
- When looking at Keychain Access tool, keychain icons on sidebar are missing (dotted borders)
- Trying to navigate to https://google.com in Google Chrome fails with an SSL CERT error Running brew search pip for example, shows the curl (35) certificate error message
The problem can be temporarily resolved by logging out and back in, and/or rebooting. After it is resolved, the Keychain Access tool will show all the keychains and their contents as it should. The problem is likely to recur at a later time.
Hoping (fingers X) that a Mac OS patch (maybe 10.12.2?) will resolve the root cause.
Otherwise one idea is to disable the iCloud Keychain option in iCloud prefs (have not yet tried).
自从你在 Mac Sierra 10.12.4 中...我怀疑还没有补丁解决这个问题。
这个other issue mentions (by jamver):
I encountered this issue specifically after updating to macOS Sierra (10.12), with resolution coming from the workaround from this legacy-homebrew ticket:
cd ~
sudo wget http://curl.haxx.se/ca/cacert.pem
export CURL_CA_BUNDLE=~/cacert.pem
FWIW, this solved most, but not all issues. The others I resolved by manually downloading the packages using wget and placing them in the Homebrew Cache Dir.
I'd be interested to know the correct fix. e.g. Update system ca bundle? Apple patch required for system bundle?
我需要 运行 brew doctor 并解决一个问题。然后我需要重新启动我的 shell。最后,在这两个步骤之后, brew install 再次运行。
不幸的是,我无法确定哪个警告指向肇事者。当我第一次 运行 brew doctor 时,可能有大约 10 个警告。在我意识到我需要重新启动我的 shell 之前,我清除了很多它们,并且在重新启动之后它起作用了。
我想我找到了问题的根源:
Warning: Setting DYLD_* vars can break dynamic linking.
Set variables:
DYLD_LIBRARY_PATH: /Applications/MATLAB/MATLAB_Runtime/v92/runtime/maci64:/Applications/MATLAB/MATLAB_Runtime/v92/sys/os/maci64:/Applications/MATLAB/MATLAB_Runtime/v92/bin/maci64
注释掉行
set -x DYLD_LIBRARY_PATH /Applications/MATLAB/MATLAB_Runtime/v92/runtime/maci64:/Applications/MATLAB/MATLAB_Runtime/v92/sys/os/maci64:/Applications/MATLAB/MATLAB_Runtime/v92/bin/maci64
in ~/.config/fish/config.fish 然后重新启动我的 shell 到目前为止似乎解决了我的问题。
感谢@VonC 提到导致我尝试 brew doctor 的问题。
我今晚遇到了这个问题,将时钟的时区修复为“自动”或本地时区。
我在法国收到客户的笔记本电脑,时区设置为加拿大的另一个地方。
更改它,重新启动然后一切正常。