diff --git a/gtk2_ardour/ardour_http.cc b/gtk2_ardour/ardour_http.cc
index c970468022..d164e47d81 100644
--- a/gtk2_ardour/ardour_http.cc
+++ b/gtk2_ardour/ardour_http.cc
@@ -63,6 +63,7 @@ HttpGet::ca_setopt (CURL* c)
 	}
 
 	if (ca_info && strlen (ca_info) == 0) {
+		/* not hat for you */
 		curl_easy_setopt (c, CURLOPT_SSL_VERIFYPEER, 0);
 		curl_easy_setopt (c, CURLOPT_SSL_VERIFYHOST, 0);
 	} else if (ca_info || ca_path) {
@@ -102,9 +103,9 @@ HttpGet::setup_certificate_paths ()
 		ca_info = ""; // disable cert check
 	}
 
-	if (Glib::file_test ("/etc/pki/tls/certs/ca-bundle.crt", Glib::FILE_TEST_EXISTS|Glib::FILE_TEST_IS_REGULAR)) {
+	if (Glib::file_test ("/etc/pki/tls/certs/ca-bundle.crt", Glib::FILE_TEST_EXISTS|Glib::FILE_TEST_IS_DIR)) {
 		// we're on RHEL // https://bugzilla.redhat.com/show_bug.cgi?id=1053882
-		ca_path = "/nonexistent_path"; // don't try "/etc/ssl/certs" it's a trap
+		ca_path = "/nonexistent_path"; // don't try "/etc/ssl/certs" in case it's curl's default
 	}
 	else if (Glib::file_test ("/etc/ssl/certs", Glib::FILE_TEST_EXISTS|Glib::FILE_TEST_IS_DIR)) {
 		// Debian and derivs + OpenSuSe