
[BUG]: `ca-certificates`’s files on AlmaLinux 10 do not exist where `openssl` thinks they do

Open monkburger opened this issue 5 months ago • 3 comments

Is there an existing issue for this?

  • [x] I have searched the existing issues

Current Behavior

On AlmaLinux 8 and 9, ca-certificates provides /etc/pki/tls/cert.pem as a symlink to /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem, but on AlmaLinux 10, it's missing.

If you call a PHP function that uses openssl_get_cert_locations() on any PHP version with AlmaLinux 10, it will dump this:

(
    [default_cert_file] => /etc/pki/tls/cert.pem
    [default_cert_file_env] => SSL_CERT_FILE
    [default_cert_dir] => /etc/pki/tls/certs
    [default_cert_dir_env] => SSL_CERT_DIR
    [default_private_dir] => /etc/pki/tls/private
    [default_default_cert_area] => /etc/pki/tls
    [ini_cafile] =>
    [ini_capath] =>
)

This seems to have been introduced with the version of ca-certificates that AlmaLinux 10 provides.

Expected Behavior

The symlink behavior should be restored to be more in line with the older versions of ca-certificates.

Steps To Reproduce

  1. Spin up AL10
  2. Execute openssl version -d and it should display this: OPENSSLDIR: "/etc/pki/tls"
  3. Make sure PHP is installed (or curl-config) and run

php -r 'var_dump(openssl_get_cert_locations());'

  4. The above should display /etc/pki/tls/cert.pem for the default cert file.
  5. /etc/pki/tls/cert.pem is missing on AlmaLinux 10 (it's actually located in /etc/ssl/tls/cert.pm now)

Anything else?

No response

Search terms

ca-certificates

monkburger Aug 28 '25 13:08
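
A diagnostic for the condition reported above, added here as an example and not part of the original issue or the AlmaLinux project: it classifies the state of the default CA file under OPENSSLDIR, so a host where TLS clients have no default trust bundle can be found before an application fails on it. The function names and the `--report`/`--demo` arguments are assumptions of this example, and the fixture certificate is constructed.

```shell
#!/bin/sh
# Added example: classify OpenSSL's default CA file ($OPENSSLDIR/cert.pem).

# Extract the directory from a line such as: OPENSSLDIR: "/etc/pki/tls"
parse_openssldir() {
    printf '%s\n' "$1" | sed -n 's/^OPENSSLDIR: *"\(.*\)"$/\1/p'
}

# $1 = OPENSSLDIR; prints one of: ok, missing, dangling, no-certs
ca_file_state() {
    f="$1/cert.pem"
    if [ -L "$f" ] && [ ! -e "$f" ]; then
        echo dangling    # symlink whose target does not exist
    elif [ ! -e "$f" ]; then
        echo missing     # the state described in this issue
    elif ! grep -Eq -e '-----BEGIN (TRUSTED )?CERTIFICATE-----' "$f"; then
        echo no-certs    # file exists but holds no PEM certificate
    else
        echo ok
    fi
}

# Check the local system; exit status is 0 only when the default file is usable.
report() {
    dir=$(parse_openssldir "$(openssl version -d 2>/dev/null)")
    [ -n "$dir" ] || { echo "openssl not found or unexpected output" >&2; return 2; }
    state=$(ca_file_state "$dir")
    echo "default CA file $dir/cert.pem: $state"
    # SSL_CERT_FILE, if set, replaces the default file for that process.
    if [ -n "${SSL_CERT_FILE:-}" ]; then echo "SSL_CERT_FILE override: $SSL_CERT_FILE"; fi
    [ "$state" = ok ]
}

# Constructed fixtures: symlinked cert.pem (as on AlmaLinux 8/9) vs. no cert.pem.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/old/pem" "$t/new"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$t/old/pem/tls-ca-bundle.pem"
    ln -s "$t/old/pem/tls-ca-bundle.pem" "$t/old/cert.pem"
    echo "old=$(ca_file_state "$t/old") new=$(ca_file_state "$t/new")"
    rm -rf "$t"
}

case "${1:-}" in
    --report) report ;;
    --demo)   demo ;;
esac
```

Run with `--report` on a host, or `--demo` to see both layouts classified against temporary fixtures.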