py25-m2crypto / openssl / root certs and CAs on OSX

Jeremy Lavergne jeremy at
Fri Dec 11 16:29:11 PST 2009

Load port:curl-ca-certificates

The cert will be in ${prefix}/share/curl/curl-ca-bundle.crt

On Dec 11, 2009, at 7:21 PM, Thomas Keller wrote:

> Hi!
> I'm currently trying to get a python-based cli client running which
> bases its ssl implementation on py25-m2crypto.
> The latter package has a load_verify_locations() method in
> SSL/ which takes either a single pem / root cert or a
> directory of certs. The aforementioned cli client now tries to guess
> these verify locations by checking for the existence of either
> /etc/ssl/certs or /etc/pki/tls/cert.pem, which of course both do not
> exist on OSX.
> What I've found out on the whole root cert topic (I'm pretty new to
> this) is that OSX stores the root certs in proprietary binary keychain
> file(s) under /System/Library/Keychains, which py25-m2crypto can't
> handle. So the question arises how py25-m2crypto could either be made to
> accept this keychain format or how this has been handled for other ports
> / parts in MacPorts. (I guess internally py25-m2crypto also only uses
> openssl somehow and I hope there is already a solution for this.)
> Patching the load_verify_locations() step out of the cli client's code
> will work temporarily, until of course I get an openssl prompt which
> asks me if I want to accept the (for openssl) unknown, but valid remote
> site certificate for which it misses a root cert...
> Any hints?
> Thanks in advance,
> Thomas.
> - -- 
> GPG-Key 0x160D1092 | tommyd3mdi at |
> Please note that according to the EU law on data retention, information
> on every electronic information exchange might be retained for a period
> of six months or longer:

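An added example, not code from the thread or from the client it discusses: one way to extend the client's location guessing with the curl-ca-certificates bundle and to fail closed instead of patching verification out. The function names and the "/opt/local" default prefix are assumptions; the stdlib ssl module is used only to check that a bundle file really contains certificates.

```python
import os
import ssl


def candidate_locations(prefix="/opt/local"):
    """Probe order: the two paths the client already checks, then the
    bundle installed by the curl-ca-certificates port.
    "/opt/local" is an assumed MacPorts prefix; pass your own if it differs."""
    return [
        "/etc/ssl/certs",
        "/etc/pki/tls/cert.pem",
        os.path.join(prefix, "share/curl/curl-ca-bundle.crt"),
    ]


def bundle_has_certs(path):
    """True only if the file parses as PEM and holds at least one certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
    except (ssl.SSLError, OSError):
        return False
    return ctx.cert_store_stats()["x509"] > 0


def find_verify_locations(candidates):
    """Return a (cafile, capath) pair for load_verify_locations().

    An empty directory or a bundle without certificates is skipped, and the
    function raises rather than letting the caller continue unverified."""
    for path in candidates:
        if os.path.isdir(path) and os.listdir(path):
            return None, path
        if os.path.isfile(path) and bundle_has_certs(path):
            return path, None
    raise RuntimeError("no usable CA bundle found; refusing to skip verification")


if __name__ == "__main__":
    try:
        cafile, capath = find_verify_locations(candidate_locations())
        print("cafile=%r capath=%r" % (cafile, capath))
    except RuntimeError as exc:
        print("error:", exc)
```

A directory is only checked for being non-empty here; OpenSSL additionally expects hashed file names in a capath directory.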