Use /etc/ssl/certs instead of /usr/share/curl/curl-ca-bundle.crt.
TODO: do it in a cleaner (configurable) way and submit upstream.
---
 lib/easy.c |    5 +----
 lib/url.c  |    7 ++-----
 2 files changed, 3 insertions(+), 9 deletions(-)

--- lib/easy.c.orig
+++ lib/easy.c
@@ -743,10 +743,7 @@ void curl_easy_reset(CURL *curl)
    */
   data->set.ssl.verifypeer = TRUE;
   data->set.ssl.verifyhost = 2;
-#ifdef CURL_CA_BUNDLE
-  /* This is our prefered CA cert bundle since install time */
-  (void) curl_easy_setopt(curl, CURLOPT_CAINFO, (char *) CURL_CA_BUNDLE);
-#endif
+  (void) curl_easy_setopt(curl, CURLOPT_CAPATH, "/etc/ssl/certs");
 
   data->set.ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth
                                                       type */
--- lib/url.c.orig
+++ lib/url.c
@@ -749,11 +749,8 @@ CURLcode Curl_open(struct SessionHandle
     data->set.ssl.verifypeer = TRUE;
     data->set.ssl.verifyhost = 2;
     data->set.ssl.sessionid = TRUE; /* session ID caching enabled by default */
-#ifdef CURL_CA_BUNDLE
-    /* This is our preferred CA cert bundle since install time */
-    res = setstropt(&data->set.str[STRING_SSL_CAFILE],
-                         (char *) CURL_CA_BUNDLE);
-#endif
+    res = setstropt(&data->set.str[STRING_SSL_CAPATH],
+                         "/etc/ssl/certs");
   }
 
   if(res) {