Aria2下载https链接tls错误

下载 https 链接, 使用 Aria2 是遇到了如下 SSL/TLS 错误.

01/05 08:13:04 [NOTICE] Downloading 1 item(s)

01/05 08:13:05 [ERROR] CUID#7 - Download aborted. URI=https://github.com/foamliu/Deep-Image-Matting/releases/download/v1.0/final.42-0.0398.hdf5
Exception: [AbstractCommand.cc:351] errorCode=1 URI=https://github.com/foamliu/Deep-Image-Matting/releases/download/v1.0/final.42-0.0398.hdf5
  -> [SocketCore.cc:1015] errorCode=1 SSL/TLS handshake failure:  `not signed by known authorities or invalid' `issuer is not known'

01/05 08:13:05 [NOTICE] Download GID#ac920341af9b21a0 not complete: 

Download Results:
gid   |stat|avg speed  |path/URI
======+====+===========+=======================================================
ac9203|ERR |       0B/s|https://github.com/foamliu/Deep-Image-Matting/releases/download/v1.0/final.42-0.0398.hdf5

Status Legend:
(ERR):error occurred.

aria2 will resume download if the transfer is restarted.
If there are any errors, then see the log file. See '-l' option in help/man page for details.

提示证书检查未知, 查找 aria2文档 发现还需原因是编译时 GnuTLS 的太老.

--ca-certificate= <FILE> Use the certificate authorities in FILE to verify the peers. The certificate file must be in PEM format and can contain multiple CA certificates. Use --check-certificate option to enable verification. Note If you build with OpenSSL or the recent version of GnuTLS which has gnutls_certificate_set_x509_system_trust() function and the library is properly configured to locate the system-wide CA certificates store, aria2 will automatically load those certificates at the startup. Note WinTLS and AppleTLS do not support this option. Instead you will have to import the certificate into the OS trust store.

如果不想重新编译, 需要手动给 Aria2 配置证书. 具体做法为在 ~/.aria2/aria2.conf 里指定证书路径.

ca-certificate=/etc/ssl/certs/ca-certificates.crt