Neither curl / curl-ca-bundle ports include mk-ca-bundle.pl
Richard Michael
rmichael at edgeofthenet.org
Tue Mar 19 09:47:10 PDT 2013
Actually, I don't think there's much of a use-case for a user running
it. I wanted to hack on the script, and I looked in the curl port for
it.
It would be a slight time saver: as the port contained docs, I looked
around the ports and then ultimately downloaded the curl tarball
(didn't see the script alone on the curl homepage). So, it's more for
completeness sake; I'd remove the docs or add the script.
Aside, I wanted to hack on it because the "PEM" certificates it
generates are not, strictly-speaking, PEM format. The script uses
MIME::Base64::encode() and thus generates MIME base64 76-character
lines, while PEM base64 requires 64-character lines. In particular,
this makes it challenging to diff against openssl generated
64-character line PEM certificates.
I have no preference regarding "flat file" vs. directory; both openssl
and curl support CA paths.
On Tue, Mar 19, 2013 at 3:33 PM, Ryan Schmidt <ryandesign at macports.org> wrote:
> On Mar 19, 2013, at 07:06, Richard Michael wrote:
>
>> The curl port includes the documentation (man page, HTML and PDF) for
>> the mk-ca-bundle.pl script which is used to assemble the ca-cert.pem
>> file from Mozilla's certdata.txt. However, the actual perl script
>> itself is not included, AFAICT, in either curl-related port.
>>
>> If there is interest, I'll write a patch. Though, should all the
>> mk-ca-bundle related material (.pl and docs) should go into the
>> curl-ca-bundle port? OTOH, one might want to install the mk-ca-bundle
>> tools without installing the CA certs, so I could also see the bundle
>> tools remaining in the curl port.
>
> The curl port runs "make install". The curl developers didn't include the mk-ca-bundle.pl script in the files that get installed when running "make install" which is why it doesn't end up getting installed by the port.
>
> I'm not opposed to installing the script. What's the use case for a user needing to run it?
>
> Note that there has also been a request to not build a bundle, but to install individual certificates:
>
> https://trac.macports.org/ticket/35474
>
More information about the macports-dev
mailing list