[MacPorts] #51516: MacPorts should use a bundled copy of a newer libcurl and SSL library rather than the OS X version

Sat Nov 11 07:58:35 UTC 2023

#51516: MacPorts should use a bundled copy of a newer libcurl and SSL library
rather than the OS X version
--------------------------+--------------------------------
  Reporter:  ryandesign   |      Owner:  macports-tickets@…
      Type:  enhancement  |     Status:  new
  Priority:  Normal       |  Milestone:  MacPorts Future
 Component:  base         |    Version:
Resolution:               |   Keywords:
      Port:               |
--------------------------+--------------------------------

Comment (by catap):

 Meanwhile we may have a much bigger issue with GitHub. On macOS 12.7 when
 I run `s_client -showcerts -servername codeload.github.com -connect
 codeload.github.com:443 </dev/null` I do have an output:
 {{{
 CONNECTED(00000005)
 depth=0 C = US, ST = USA, L = New York, O = Optimization, OU =
 Optimization, CN = tomcat
 verify error:num=18:self-signed certificate
 verify return:1
 depth=0 C = US, ST = USA, L = New York, O = Optimization, OU =
 Optimization, CN = tomcat
 verify return:1
 ---
 Certificate chain
  0 s:C = US, ST = USA, L = New York, O = Optimization, OU = Optimization,
 CN = tomcat
    i:C = US, ST = USA, L = New York, O = Optimization, OU = Optimization,
 CN = tomcat
    a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
    v:NotBefore: Aug 30 08:53:43 2019 GMT; NotAfter: Aug 25 08:53:43 2039
 GMT
 ...
 }}}

 => self-signed certificate won't pass verification. So, output is below
 expected but quite scary:
 {{{
 √ ~ % /opt/local/bin/curl -I https://codeload.github.com/
 curl: (60) SSL certificate problem: self-signed certificate
 More details here: https://curl.se/docs/sslcerts.html

 curl failed to verify the legitimacy of the server and therefore could not
 establish a secure connection to it. To learn more about this situation
 and
 how to fix it, please visit the web page mentioned above.
 ? ~ % /usr/bin/curl -I https://codeload.github.com/
 curl: (60) SSL certificate problem: self signed certificate
 More details here: https://curl.se/docs/sslcerts.html

 curl failed to verify the legitimacy of the server and therefore could not
 establish a secure connection to it. To learn more about this situation
 and
 how to fix it, please visit the web page mentioned above.
 ? ~ %
 }}}

-- 
Ticket URL: <https://trac.macports.org/ticket/51516#comment:102>
MacPorts <https://www.macports.org/>
Ports system for macOS