curl (doesn't) need updating - but ca_bundle.pem does

[tlhackque]

if curl is unable to verify a peer certificate due to an out of date ca_bundle.pem, it returns error 60, which causes getssl to emit

curl needs updating, your version does not support SNI (multiple SSL domains on a single IP)

While getssl is trying to be helpful, in fact, curl is at the latest rev.

The diagnostic message from getssl should be something like:

curl couldn't verify a peer certificate.  Either your version does not support SNI (multiple SSL domains on a single IP) - update curl, or the ca_bundle.pem file that curl uses is out of date - run mk-ca-bundle.