When the resources dir is removed from libphutil, anything that uses curl (auth with persona, for example) start failing with something like:
EXCEPTION: (HTTPFutureCURLResponseStatus) [cURL/77] (https://verifier.login.persona.org/verify) The SSL CA Bundles that we tried to use could not be read or are not formatted correctly. at [<phutil>/src/future/http/HTTPSFuture.php:408]
If I restore the resources/ssl/default.pem file, things start working correctly. This issue could be limited to persona but I suspect that other things may be affected.
resources/ssl/default.pem
Set curl.cainfo in /etc/php.d/20-curl.ini to /etc/pki/tls/certs/ca-bundle.crt and this problem is resolved.
curl.cainfo
/etc/php.d/20-curl.ini
/etc/pki/tls/certs/ca-bundle.crt
This also causes a problem with arc install-certificates when setting up KDE Phabricator, the error there is something like
arc install-certificates
Usage Exception: Failed to connect to server (https://phabricator.kde.org/api/): [cURL/77] (https://phabricator.kde.org/api/conduit.ping) <CURLE_SSL_CACERT_BADFILE> The SSL CA Bundles that we tried to use could not be read or are not formatted correctly.
Both workarounds suggested here still work in Fedora 31. Alas intensive Google searching didn't find this issue :disappointed: ; I hope this comment makes it more findable.
It might be better to modify /etc/php.ini instead, it has a section with comments to set curl.cainfo.
/etc/php.ini
Login to comment on this ticket.