It appears curl is broken in the latest update for 13.1-RELEASE jails due to missing ca-bundle:
The problem appears to be that curl-7.87.0 was built with CA_BUNDLE disabled.
The ca-bundle was restored in curl-7.87.0_1 but this fix is only in the
Code:
# curl -v https://www.truenas.com * Trying 68.70.207.4:443... * Connected to www.truenas.com (68.70.207.4) port 443 (#0) * ALPN: offers h2 * ALPN: offers http/1.1 * CAfile: none * CApath: /etc/ssl/certs/ * [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS handshake, Client hello (1): * [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Server hello (2): * [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * [CONN-0-0][CF-SSL] TLSv1.3 (IN), TLS handshake, Certificate (11): * [CONN-0-0][CF-SSL] TLSv1.3 (OUT), TLS alert, unknown CA (560): * SSL certificate problem: unable to get local issuer certificate * Closing connection 0 curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
The problem appears to be that curl-7.87.0 was built with CA_BUNDLE disabled.
The ca-bundle was restored in curl-7.87.0_1 but this fix is only in the
latest
repo and this version is not available in the quarterly
repo that jails use by default.