James Crake-Merani <james@jamescm.co.uk> wrote:

Hello,

After my last update, I noticed a strange issue: I could not do anything that required HTTPS. I could not use curl, update the system etc. I eventually traced the problem back to ca-certificates. I noticed that /etc/ca-certificates/extracted/tls-ca-bundle.pem , which although still existed on the system, was just a completely empty file while on my laptop it was filled with certificates. What I had to do was copy over the missing certificates from my laptop, and then it was working. But what I noticed is that previously I had downgraded some ca-certificates packages (specifically the utils, and mozilla one I think),and when I upgraded the system the certificates were all once again missing, and I had to replace them for a second time.

$ pacman -Qi ca-certificates-utils|grep 'Provides\|Required' Provides : ca-certificates ca-certificates-java Required By : ca-certificates-mozilla curl neon $ pacman -Qo /etc/ca-certificates/extracted /etc/ca-certificates/extracted/ is owned by ca-certificates-utils 20220905-1 $ pacman -Qo /etc/ca-certificates/extracted/tls-ca-bundle.pem error: No package owns /etc/ca-certificates/extracted/tls-ca-bundle.pem $ ls /etc/ca-certificates/extracted/tls-ca-bundle.pem -l -r--r--r-- 1 root root 220514 Sep 14 14:32 /etc/ca-certificates/extracted/tls-ca-bundle.pem

I am not educated at all on the ca-certificates package. I assume it has something to do with SSL but I know little beyond that. I therefore can't deduce whether this issue is the fault of a bug, or if I have done something wrong. I'd like to know if anyone has experienced this problem as well, or if someone has knowledge that might be of use.

It could be /etc/ca-certificates/extracted/tls-ca-bundle.pem is the output of some install script. Perhaps you should install the latest ca-certificates-mozilla, run pacman -Qkk, and see if the issue will return. I assume you did something wrong, but I didn't delve further into it.

Thanks. James Crake-Merani

-- u34