cURL / wget - SSLv3, handshake de TLS, CERT trava

curl -v --trace-time https://www.google.de

21:50:34.054955 * About to connect() to www.google.de port 443
21:50:34.056574 *   Trying 74.125.39.104... connected
21:50:34.104587 * Connected to www.google.de (74.125.39.104) port 443
21:50:34.313259 * successfully set certificate verify locations:
21:50:34.313349 *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
21:50:34.313758 * SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using RC4-SHA
21:50:34.418541 * Server certificate:
21:50:34.418631 *        subject: /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
21:50:34.418726 *        start date: 2011-10-26 00:00:00 GMT
21:50:34.418799 *        expire date: 2013-09-30 23:59:59 GMT
21:50:34.418902 * SSL: certificate subject name 'www.google.com' does not match target host name 'www.google.de'
21:50:34.419000 * Closing connection #0
21:50:34.419124 * SSLv3, TLS alert, Client hello (1):
curl: (51) SSL: certificate subject name 'www.google.com' does not match target host name 'www.google.de'

Parece que você não pode verificar o certificado porque está faltando o ca-bundle.crt. Isso pertence (no CentOS 5) ao openssl-rpm.

Uma boa maneira de gerenciar essas coisas no Mac OS X / Darwin seria instalar um gerenciador de pacotes como o Homebrew ( link )

Dessa forma, ao instalar softwares como o cURL, você também obteria toda a lista de dependências ou apenas brew install openssl e o problema resolvido;)