I checked how HaikuOS was doing this as I have that easily available and they seem to have compiled curl with a cafile (pointing to cacert.pem) instead of using the capath as the nekoware version. Using the capath seems more elegant, so I had a look at splitting up the file.
I managed to make an awk script that worked for me to split up the cacert.pem file into individual pem files.
It is as follows:
Code:
/\=\=\=\=/ {filename=prevline}{prevline=$0}
/BEGIN CERTIFICATE/, /END CERTIFICATE/ {print > filename ".pem"}
/END CERTIFICATE/ {close filename ".pem"}
You can save it in a file (for example split_certificates.awk) and then execute it with "awk -f split_certificates.awk cacert.pem". It will create a lot of pem files with the names set to the issuer. You can then copy those (excluding cacert.pem) to the /usr/nekoware/certs directory and run c_rehash (do both steps with a user that has rights to write to the folder).
Curl should then be able to access any https site with a valid certificate (assuming the root certificate was in the cacert.pem file).
This fixed my problem with Git and I can now clone a project, though I have only done a little bit of testing so far.
