<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">There is something fundementally different between the OS 11 install on the intel MacBook vs the M1 iMac. I even wiped clean the MacBook and reinstalled OS 11 and created a new admin account — no third party software installed. Apple's curl failed as before. <div class=""><br class=""></div><div class="">I compared Macport’s curl/openssl on the MacBook (note it is using curl-ca-bundle.crt<span style="font-family: Menlo; font-size: 11px;" class="">)</span>:</div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Downloads $ which curl</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">/opt/local/bin/curl</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Downloads $ curl -v -o tetgen1.5.1.tar.gz <a href="https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz" class="">https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz</a></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> % Total % Received % Xferd Average Speed Time Time Time Current</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Dload Upload Total Spent Left Speed</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 62.141.177.111:443...</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* Connected to <a href="http://wias-berlin.de" class="">wias-berlin.de</a> (62.141.177.111) port 443 (#0)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* ALPN: offers h2</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* ALPN: offers http/1.1</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* CAfile: /opt/local/share/curl/curl-ca-bundle.crt</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* CApath: none</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.0 (OUT), TLS header, Certificate Status (22):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">} [5 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.3 (OUT), TLS handshake, Client hello (1):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">} [512 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.2 (IN), TLS header, Certificate Status (22):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [5 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.3 (IN), TLS handshake, Server hello (2):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [122 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.2 (IN), TLS header, Finished (20):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [5 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.2 (IN), TLS header, Supplemental data (23):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [5 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [21 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.2 (IN), TLS header, Supplemental data (23):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [5 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.3 (IN), TLS handshake, Certificate (11):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [5159 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.2 (IN), TLS header, Supplemental data (23):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [5 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.3 (IN), TLS handshake, CERT verify (15):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [520 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.2 (IN), TLS header, Supplemental data (23):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [5 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.3 (IN), TLS handshake, Finished (20):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [52 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.2 (OUT), TLS header, Finished (20):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">} [5 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">} [1 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.2 (OUT), TLS header, Supplemental data (23):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">} [5 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.3 (OUT), TLS handshake, Finished (20):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">} [52 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* ALPN: server accepted http/1.1</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* Server certificate:</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* subject: C=DE; ST=Berlin; L=Berlin; O=Forschungsverbund Berlin e.V.; OU=Weierstrass-Institut f. Angewandte Analysis u. Stochastik (WIAS); OU=RT; CN=<a href="http://www.wias-berlin.de" class="">www.wias-berlin.de</a></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* start date: Aug 4 13:43:33 2021 GMT</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* expire date: Sep 4 13:43:33 2022 GMT</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* subjectAltName: host "<a href="http://wias-berlin.de" class="">wias-berlin.de</a>" matched cert's "<a href="http://wias-berlin.de" class="">wias-berlin.de</a>"</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* issuer: C=DE; O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.; OU=DFN-PKI; CN=DFN-Verein Global Issuing CA</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* SSL certificate verify ok.</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.2 (OUT), TLS header, Supplemental data (23):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">} [5 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">> GET /software/tetgen/1.5/src/tetgen1.5.1.tar.gz HTTP/1.1</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">> Host: <a href="http://wias-berlin.de" class="">wias-berlin.de</a></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">> User-Agent: curl/7.84.0</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">> Accept: */*</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">> </span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.2 (IN), TLS header, Supplemental data (23):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [5 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [57 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.2 (IN), TLS header, Supplemental data (23):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [5 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [57 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* old SSL session ID is stale, removing</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* TLSv1.2 (IN), TLS header, Supplemental data (23):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [5 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* Mark bundle as not supporting multiuse</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">< HTTP/1.1 200 OK</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">< Date: Mon, 18 Jul 2022 11:54:58 GMT</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">< Server: Apache-Coyote/1.1</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">< Strict-Transport-Security: max-age=63072000</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">< Accept-Ranges: bytes</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">< ETag: W/"282433-1534863100000"</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">< Last-Modified: Tue, 21 Aug 2018 14:51:40 GMT</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">< Content-Type: application/x-gzip</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">< Content-Length: 282433</span></div><div class=""><br class=""></div><div class="">/etc/ssl/cert.pem worked as well with curl 7.84.0. Note TLSv1.0 (OUT), TLS header, Certificate Status (22):. I also tried the curl-ca-bundle.crt with Apple’s curl:</div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Downloads $ /usr/bin/curl --cacert /opt/local/share/curl/curl-ca-bundle.crt -v -o tetgen1.5.1.tar.gz <a href="https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz" class="">https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz</a></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> % Total % Received % Xferd Average Speed Time Time Time Current</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Dload Upload Total Spent Left Speed</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 62.141.177.111...</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TCP_NODELAY set</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to <a href="http://wias-berlin.de" class="">wias-berlin.de</a> (62.141.177.111) port 443 (#0)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* ALPN, offering h2</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* ALPN, offering http/1.1</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* successfully set certificate verify locations:</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* CAfile: /opt/local/share/curl/curl-ca-bundle.crt</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> CApath: none</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.2 (OUT), TLS handshake, Client hello (1):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">} [228 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.2 (IN), TLS handshake, Server hello (2):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [59 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.2 (IN), TLS handshake, Certificate (11):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [6122 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* TLSv1.2 (IN), TLS alert, handshake failure (552):</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{ [2 bytes data]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* error:14008410:SSL routines:CONNECT_CR_KEY_EXCH:sslv3 alert handshake failure</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">* Closing connection 0</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">curl: (35) error:14008410:SSL routines:CONNECT_CR_KEY_EXCH:sslv3 alert handshake failure</span></div></div><div class=""> <br class=""><div class="">Chrome has a 'Copy as cURL' feature so you can inspect what the browser is doing:</div><div class=""><br class=""></div><div class=""><div class="">curl '<a href="https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz" class="">https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz</a>' \</div><div class=""> -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \</div><div class=""> -H 'Accept-Language: en-US,en;q=0.9' \</div><div class=""> -H 'Connection: keep-alive' \</div><div class=""> -H 'Cookie: JSESSIONID=45D13EF3D3A2EA7165891DDD8E42CF09' \</div><div class=""> -H 'Sec-Fetch-Dest: document' \</div><div class=""> -H 'Sec-Fetch-Mode: navigate' \</div><div class=""> -H 'Sec-Fetch-Site: cross-site' \</div><div class=""> -H 'Sec-Fetch-User: ?1' \</div><div class=""> -H 'Upgrade-Insecure-Requests: 1' \</div><div class=""> -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36' \</div><div class=""> -H 'sec-ch-ua: ".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"' \</div><div class=""> -H 'sec-ch-ua-mobile: ?0' \</div><div class=""> -H 'sec-ch-ua-platform: "macOS"' \</div><div class=""> --compressed</div></div><div class=""><br class=""></div><div class="">Although it downloaded the file, It noted this error:</div><div class=""><br class=""></div><div class="">Mixed Content: The site at '<a href="https://wias-berlin.de/' was loaded over a secure connection, but the file at 'https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz" class="">https://wias-berlin.de/' was loaded over a secure connection, but the file at 'https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz</a>' was redirected through an insecure connection. This file should be served over HTTPS. This download has been blocked. See <a href="https://blog.chromium.org/2020/02/protecting-users-from-insecure.html" class="">https://blog.chromium.org/2020/02/protecting-users-from-insecure.html</a> for more details.</div><div class=""><br class=""></div><div class="">So it may have something to do with this host in particular and the curl version, I don’t think it has anything to do with the cert files.</div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class="webkit-block-placeholder"></div><div class="">
<div class="">Mark Brethen</div><div class=""><a href="mailto:mark.brethen@gmail.com" class="">mark.brethen@gmail.com</a></div><div class=""><br class=""></div><br class="Apple-interchange-newline">
</div>
<div><br class=""><blockquote type="cite" class=""><div class="">On Jul 18, 2022, at 3:21 AM, Christopher Jones <<a href="mailto:jonesc@hep.phy.cam.ac.uk" class="">jonesc@hep.phy.cam.ac.uk</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><br class=""><div class=""><br class=""><blockquote type="cite" class=""><div class="">On 17 Jul 2022, at 7:12 pm, Mark Brethen <<a href="mailto:mark.brethen@gmail.com" class="">mark.brethen@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">It’s interesting that curl fails from my older MacBook Air, but passes on the M1 iMac, both with OS 11 installed. Even after a clean reinstall. I suspect it’s something about Apple’s openssl. Browsers don’t seem to mind the certificate.</div></div></blockquote><div class=""><br class=""></div>No, I very much doubt that is the case. If it where the case if would fail for you on both machines.</div><div class=""><br class=""><blockquote type="cite" class=""><div class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class=""><br class=""></div><div class="">As a work around, I’d like to add something like this:</div><div class=""><br class=""></div><div class=""><div class="">set check.os.major 21</div><div class="">if {${check.os.major} > ${os.major}} {</div><div class=""> depends_fetch-append curl</div><div class=""> fetch {</div><div class=""> system "curl -L -o ${distpath}/${distfiles} ${master_sites}${distfiles}"</div><div class=""> }</div><div class="">}</div></div></div></div></blockquote><div class=""><br class=""></div><div class="">It is not appropriate to add that to a port file when the origin of the issue is still not understood, and quite likely something specific to your setup.</div><div class=""><br class=""></div><div class="">Chris</div><br class=""><blockquote type="cite" class=""><div class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class=""><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""><div class="">
<div class="">Mark Brethen</div><div class=""><a href="mailto:mark.brethen@gmail.com" class="">mark.brethen@gmail.com</a></div><div class=""><br class=""></div><br class="Apple-interchange-newline">
</div>
<div class=""><br class=""><blockquote type="cite" class=""><div class="">On Jul 17, 2022, at 8:49 AM, Mark Brethen <<a href="mailto:mark.brethen@gmail.com" class="">mark.brethen@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">I think I’m getting to the root of the problem. I tried to obtain the SSL certificate from the host server using openssl.<div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Downloads $ echo | openssl s_client -servername <a href="http://wias-berlin.de/" class="">wias-berlin.de</a> -connect <a href="http://wias-berlin.de:443/" class="">wias-berlin.de:443</a> |\ </span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > certificate.crt</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">depth=3 C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">verify return:1</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">depth=2 C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Certification Authority 2</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">verify return:1</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">depth=1 C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Global Issuing CA</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">verify return:1</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">depth=0 C = DE, ST = Berlin, L = Berlin, O = Forschungsverbund Berlin e.V., OU = Weierstrass-Institut f. Angewandte Analysis u. Stochastik (WIAS), OU = RT, CN = <a href="http://www.wias-berlin.de/" class="">www.wias-berlin.de</a></span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">verify return:1</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">4479426220:error:14008410:SSL routines:CONNECT_CR_KEY_EXCH:sslv3 alert handshake failure:/System/Volumes/Data/SWE/macOS/BuildRoots/880a0f6e74/Library/Caches/com.apple.xbs/Sources/libressl/libressl-56.60.4/libressl-2.8/ssl/ssl_pkt.c:1200:SSL alert number 40</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">4479426220:error:140080E5:SSL routines:CONNECT_CR_KEY_EXCH:ssl handshake failure:/System/Volumes/Data/SWE/macOS/BuildRoots/880a0f6e74/Library/Caches/com.apple.xbs/Sources/libressl/libressl-56.60.4/libressl-2.8/ssl/ssl_pkt.c:585:</span></div></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><span style="font-family: Helvetica; font-size: 12px;" class="">I don’t get this error on the iMac with the same OS, same openssl versions.</span></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><span style="font-family: Helvetica; font-size: 12px;" class=""><br class=""></span></span></div><div class="">
<div class="">Mark</div><div class=""><br class=""></div><br class=""></div>
<div class=""><br class=""><blockquote type="cite" class=""><div class="">On Jul 15, 2022, at 1:44 PM, Mark Brethen <<a href="mailto:mark.brethen@gmail.com" class="">mark.brethen@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Maybe it’s openssl in /opt/local/bin? On the MacBook Air:<div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">ports $ which openssl</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">/opt/local/bin/openssl</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">ports $ openssl version</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)</span></div></div><div class=""><br class=""></div><div class="">The iMac has /opt/local/bin/openssl 1.1.1</div><div class=""><br class=""></div><div class="">/usr/bin/openssl is libressl 2.8.3 for both.</div><div class=""><br class=""></div><div class=""><br class=""><div class="">
<div class="">Mark Brethen</div><div class=""><a href="mailto:mark.brethen@gmail.com" class="">mark.brethen@gmail.com</a></div><div class=""><br class=""></div><br class="Apple-interchange-newline">
</div>
<div class=""><br class=""><blockquote type="cite" class=""><div class="">On Jul 15, 2022, at 1:32 PM, Mark Brethen <<a href="mailto:mark.brethen@gmail.com" class="">mark.brethen@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Heck if I know what’s wrong. Everything being equal, curl on the iMac works, but on the MacBook Air it does not. Both have the same OS, same curl version at /usr/bin, same cert.pem.<div class=""><br class=""></div><div class=""><br class=""><div class="">
<div class="">Mark Brethen</div><div class=""><a href="mailto:mark.brethen@gmail.com" class="">mark.brethen@gmail.com</a></div><div class=""><br class=""></div><br class="Apple-interchange-newline">
</div>
<div class=""><br class=""><blockquote type="cite" class=""><div class="">On Jul 15, 2022, at 11:42 AM, Mark Brethen <<a href="mailto:mark.brethen@gmail.com" class="">mark.brethen@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">On the MacBook Air openssl is able to get the certificate<div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Downloads $ openssl s_client -connect <a href="http://wias-berlin.de:443/" class="">wias-berlin.de:443</a></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">CONNECTED(00000005)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">depth=3 C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">verify return:1</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">depth=2 C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Certification Authority 2</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">verify return:1</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">depth=1 C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Global Issuing CA</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">verify return:1</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">depth=0 C = DE, ST = Berlin, L = Berlin, O = Forschungsverbund Berlin e.V., OU = Weierstrass-Institut f. Angewandte Analysis u. Stochastik (WIAS), OU = RT, CN = <a href="http://www.wias-berlin.de/" class="">www.wias-berlin.de</a></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">verify return:1</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">---</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Certificate chain</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> 0 s:C = DE, ST = Berlin, L = Berlin, O = Forschungsverbund Berlin e.V., OU = Weierstrass-Institut f. Angewandte Analysis u. Stochastik (WIAS), OU = RT, CN = <a href="http://www.wias-berlin.de/" class="">www.wias-berlin.de</a></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> i:C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Global Issuing CA</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> v:NotBefore: Aug 4 13:43:33 2021 GMT; NotAfter: Sep 4 13:43:33 2022 GMT</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> 1 s:C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Global Issuing CA</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> i:C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Certification Authority 2</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> v:NotBefore: May 24 11:38:40 2016 GMT; NotAfter: Feb 22 23:59:59 2031 GMT</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> 2 s:C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Certification Authority 2</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> i:C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> v:NotBefore: Feb 22 13:38:22 2016 GMT; NotAfter: Feb 22 23:59:59 2031 GMT</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">---</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Server certificate</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">-----BEGIN CERTIFICATE-----</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><clip></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class="">-----END CERTIFICATE-----</div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">subject=C = DE, ST = Berlin, L = Berlin, O = Forschungsverbund Berlin e.V., OU = Weierstrass-Institut f. Angewandte Analysis u. Stochastik (WIAS), OU = RT, CN = <a href="http://www.wias-berlin.de/" class="">www.wias-berlin.de</a></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">issuer=C = DE, O = Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU = DFN-PKI, CN = DFN-Verein Global Issuing CA</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">---</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">No client certificate CA names sent</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Peer signing digest: SHA256</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Peer signature type: RSA-PSS</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Server Temp Key: X25519, 253 bits</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">---</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">SSL handshake has read 5958 bytes and written 400 bytes</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Verification: OK</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">---</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Server public key is 4096 bit</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Secure Renegotiation IS NOT supported</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Compression: NONE</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Expansion: NONE</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">No ALPN negotiated</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Early data was not sent</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Verify return code: 0 (ok)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">---</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">---</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Post-Handshake New Session Ticket arrived:</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">SSL-Session:</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Protocol : TLSv1.3</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Cipher : TLS_AES_256_GCM_SHA384</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Session-ID: 59F731F1CDD19B47E950494E9EE1B8A0550BF8AC10649DB3C7232926EEC1530A</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Session-ID-ctx: </span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Resumption PSK: A3FDED018305178A2940F1CC082F27F0BFD32592CA51C904C07E446B5B5EEDBC496CDC1711F7E87A9AED84131B1A790C</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> PSK identity: None</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> PSK identity hint: None</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> SRP username: None</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS session ticket lifetime hint: 300 (seconds)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS session ticket:</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> 0000 - 04 c1 6f 8b 74 4d 64 1e-64 33 c2 af 4c 3d 57 07 ..o.tMd.d3..L=W.</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> 0010 - b8 55 a9 29 03 a4 7c 58-7a 93 f8 48 f2 7a c6 a9 .U.)..|Xz..H.z..</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; min-height: 13px;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""></span><br class=""></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Start Time: 1657903105</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Timeout : 7200 (sec)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Verify return code: 0 (ok)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Extended master secret: no</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Max Early Data: 0</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">---</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">read R BLOCK</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">---</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Post-Handshake New Session Ticket arrived:</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">SSL-Session:</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Protocol : TLSv1.3</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Cipher : TLS_AES_256_GCM_SHA384</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Session-ID: 442D3ABED4D45BD62EA3B62E38EEE60BEE8D146EAC1B5549645F78E5AEC70D70</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Session-ID-ctx: </span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Resumption PSK: D32F86E1E5AE9DC8A3F551D4F4E4BAAF20448E5C7D169D12685577ADC60440556044B374436BFDAA22E6DF026FFBD77A</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> PSK identity: None</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> PSK identity hint: None</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> SRP username: None</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS session ticket lifetime hint: 300 (seconds)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS session ticket:</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> 0000 - 5d 89 a2 5e 7a b3 18 13-89 f7 07 66 f7 52 5a d4 ]..^z......f.RZ.</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> 0010 - 22 b4 f8 78 af 92 bf 39-16 9b 4c 63 8b fa 4d d9 "..x...9..Lc..M.</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; min-height: 13px;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""></span><br class=""></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Start Time: 1657903105</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Timeout : 7200 (sec)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Verify return code: 0 (ok)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Extended master secret: no</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Max Early Data: 0</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">---</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">read R BLOCK</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">closed</span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div class="">
<div class="">Mark Brethen</div><div class=""><a href="mailto:mark.brethen@gmail.com" class="">mark.brethen@gmail.com</a></div><div class=""><br class=""></div><br class="Apple-interchange-newline">
</div>
<div class=""><br class=""><blockquote type="cite" class=""><div class="">On Jul 15, 2022, at 10:51 AM, Mark Brethen <<a href="mailto:mark.brethen@gmail.com" class="">mark.brethen@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">On the Imac (OS 11.6.7):<br class=""><br class="">-rw-r--r-- 1 root wheel 346545 Jan 1 2020 cert.pem<br class=""><br class="">~ $ /usr/bin/curl --version<br class="">curl 7.64.1 (x86_64-apple-darwin20.0) libcurl/7.64.1 (SecureTransport) LibreSSL/2.8.3 zlib/1.2.11 nghttp2/1.41.0<br class="">Release-Date: 2019-03-27<br class="">Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp <br class="">Features: AsynchDNS GSS-API HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz MultiSSL NTLM NTLM_WB SPNEGO SSL UnixSockets<br class=""><br class="">Downloads $ /usr/bin/curl -L -v -o tetgen1.5.1.tar.gz <a href="https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz" class="">https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz</a><br class=""> % Total % Received % Xferd Average Speed Time Time Time Current<br class=""> Dload Upload Total Spent Left Speed<br class=""> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 62.141.177.111...<br class="">* TCP_NODELAY set<br class="">* Connected to <a href="http://wias-berlin.de/" class="">wias-berlin.de</a> (62.141.177.111) port 443 (#0)<br class="">* ALPN, offering h2<br class="">* ALPN, offering http/1.1<br class="">* successfully set certificate verify locations:<br class="">* CAfile: /etc/ssl/cert.pem<br class=""> CApath: none<br class="">* TLSv1.2 (OUT), TLS handshake, Client hello (1):<br class="">} [228 bytes data]<br class="">* TLSv1.2 (IN), TLS handshake, Server hello (2):<br class="">{ [104 bytes data]<br class="">* TLSv1.2 (IN), TLS handshake, Certificate (11):<br class="">{ [5152 bytes data]<br class="">* TLSv1.2 (IN), TLS handshake, Server key exchange (12):<br class="">{ [556 bytes data]<br class="">* TLSv1.2 (IN), TLS handshake, Server finished (14):<br class="">{ [4 bytes data]<br class="">* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):<br class="">} [37 bytes data]<br class="">* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):<br class="">} [1 bytes data]<br class="">* TLSv1.2 (OUT), TLS handshake, Finished (20):<br class="">} [16 bytes data]<br class="">* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):<br class="">{ [1 bytes data]<br class="">* TLSv1.2 (IN), TLS handshake, Finished (20):<br class="">{ [16 bytes data]<br class="">* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305<br class="">* ALPN, server accepted to use http/1.1<br class="">* Server certificate:<br class="">* subject: C=DE; ST=Berlin; L=Berlin; O=Forschungsverbund Berlin e.V.; OU=Weierstrass-Institut f. Angewandte Analysis u. Stochastik (WIAS); OU=RT; CN=<a href="http://www.wias-berlin.de/" class="">www.wias-berlin.de</a><br class="">* start date: Aug 4 13:43:33 2021 GMT<br class="">* expire date: Sep 4 13:43:33 2022 GMT<br class="">* subjectAltName: host "<a href="http://wias-berlin.de/" class="">wias-berlin.de</a>" matched cert's "<a href="http://wias-berlin.de/" class="">wias-berlin.de</a>"<br class="">* issuer: C=DE; O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.; OU=DFN-PKI; CN=DFN-Verein Global Issuing CA<br class="">* SSL certificate verify ok.<br class=""><blockquote type="cite" class="">GET /software/tetgen/1.5/src/tetgen1.5.1.tar.gz HTTP/1.1<br class="">Host: <a href="http://wias-berlin.de/" class="">wias-berlin.de</a><br class="">User-Agent: curl/7.64.1<br class="">Accept: */*<br class=""><br class=""></blockquote> 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0< HTTP/1.1 200 OK<br class="">< Date: Fri, 15 Jul 2022 15:43:03 GMT<br class="">< Server: Apache-Coyote/1.1<br class="">< Strict-Transport-Security: max-age=63072000<br class="">< Accept-Ranges: bytes<br class="">< ETag: W/"282433-1534863100000"<br class="">< Last-Modified: Tue, 21 Aug 2018 14:51:40 GMT<br class="">< Content-Type: application/x-gzip<br class="">< Content-Length: 282433<br class="">< <br class="">{ [7906 bytes data]<br class="">100 275k 100 275k 0 0 156k 0 0:00:01 0:00:01 --:--:-- 156k<br class="">* Connection #0 to host <a href="http://wias-berlin.de/" class="">wias-berlin.de</a> left intact<br class="">* Closing connection 0<br class=""><br class="">Mark Brethen<br class=""><a href="mailto:mark.brethen@gmail.com" class="">mark.brethen@gmail.com</a><br class=""><br class=""><br class=""><br class=""><blockquote type="cite" class="">On Jul 15, 2022, at 10:18 AM, Chris Jones <<a href="mailto:jonesc@hep.phy.cam.ac.uk" class="">jonesc@hep.phy.cam.ac.uk</a>> wrote:<br class=""><br class=""><br class=""><br class="">On 15/07/2022 4:16 pm, Mark Brethen wrote:<br class=""><blockquote type="cite" class="">cert.perm has the same date<br class=""></blockquote><br class="">very surprised ...<br class=""><br class="">and..... does the curl fetch also fail ?<br class=""><br class=""><blockquote type="cite" class="">Mark Brethen<br class=""><a href="mailto:mark.brethen@gmail.com" class="">mark.brethen@gmail.com</a><br class=""><blockquote type="cite" class="">On Jul 15, 2022, at 10:11 AM, Chris Jones <<a href="mailto:jonesc@hep.phy.cam.ac.uk" class="">jonesc@hep.phy.cam.ac.uk</a>> wrote:<br class=""><br class=""><br class=""><br class="">On 15/07/2022 4:08 pm, Mark Brethen wrote:<br class=""><blockquote type="cite" class="">I checked big sur on my iMac, which came installed with big sur. It also has version 7.64.1.<br class=""></blockquote><br class="">how old is the cert.pem file though ?<br class=""><br class="">Does the fetch using /usr/bin/curl work there or not ?<br class=""><br class="">I’m surprised macports is using the native curl. Apple is notorious for not updating to the latest versions of software with each new OS.<br class=""><blockquote type="cite" class="">Mark Brethen<br class=""><a href="mailto:mark.brethen@gmail.com" class="">mark.brethen@gmail.com</a><br class=""><blockquote type="cite" class="">On Jul 15, 2022, at 9:55 AM, Chris Jones <<a href="mailto:jonesc@hep.phy.cam.ac.uk" class="">jonesc@hep.phy.cam.ac.uk</a>> wrote:<br class=""><br class=""><br class=""><br class="">On 15/07/2022 3:49 pm, Mark Brethen wrote:<br class=""><blockquote type="cite" class="">-rw-r--r-- 1 root wheel 346545 Jan 1 2020 cert.pem<br class=""></blockquote><br class="">The above could be your problem, as that is very old, 2.5 years or so now. It actually pre-dates the public release of macOS 11, which wasn't until November that year, which makes it quite suspicious...<br class=""><br class="">In comparison mine is from May this year, on macOS12. I would imagine the same on macOS 11 to be much more up to date than the above.<br class=""><br class="">This could be some relic of your big update from OSX10.13 to macOS11...<br class=""><br class="">So, I am not sure how, but you need the above to be updated I believe...<br class=""><br class="">Have you checked system update to make sure you are fully up to date ?<br class=""><br class="">Chris<br class=""><br class=""><blockquote type="cite" class="">~ $ /usr/bin/curl --version<br class="">curl 7.64.1 (x86_64-apple-darwin20.0) libcurl/7.64.1 (SecureTransport) LibreSSL/2.8.3 zlib/1.2.11 nghttp2/1.41.0<br class="">Release-Date: 2019-03-27<br class="">Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp<br class="">Features: AsynchDNS GSS-API HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz MultiSSL NTLM NTLM_WB SPNEGO SSL UnixSockets<br class="">Mark Brethen<br class=""><a href="mailto:mark.brethen@gmail.com" class="">mark.brethen@gmail.com</a> <<a href="mailto:mark.brethen@gmail.com" class="">mailto:mark.brethen@gmail.com</a>><br class=""><blockquote type="cite" class="">On Jul 15, 2022, at 9:44 AM, Chris Jones <<a href="mailto:jonesc@hep.phy.cam.ac.uk" class="">jonesc@hep.phy.cam.ac.uk</a> <<a href="mailto:jonesc@hep.phy.cam.ac.uk" class="">mailto:jonesc@hep.phy.cam.ac.uk</a>>> wrote:<br class=""><br class="">/etc/ssl/cert.pem<br class=""></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><br class=""></div></div></blockquote></div><br class=""></div></div></div></blockquote></div><br class=""></div></div></div></blockquote></div><br class=""></div></div></div></blockquote></div><br class=""></div></div></div></blockquote></div><br class=""></div></div></div></div></blockquote></div><br class=""></div></div></blockquote></div><br class=""></div></div></body></html>