Just for information to all: Mozilla has recently removed weak certs from the
CA certs bundle. Weak, in the meaning that they used 1024 bit RSA.
If you download the latest cacert bundle from the curl site
(http://curl.haxx.se/docs/caextract.html) right now, you'll see that
s3.amazonaws.com sites no longer gets verified fine. I guess that it goes for
a few other sites too.