out-of-date /usr/share/curl/curl-ca-bundle.crt on 10.5 and 10.4
Ned Deily
nad at acm.org
Wed Apr 9 13:11:55 PDT 2014
It seems that a number of MacPorts users on 10.5 and 10.4 are running
into download problems (for example,
https://trac.macports.org/ticket/43172 and
https://trac.macports.org/ticket/43307). I believe the root cause is
that MacPorts base currently depends on the system-supplied curl and for
10.5 and earlier the default system curl certificate bundle is now
woefully out-of-date. Two unrelated things are bringing this to the
fore now: 1. the MacPorts distfiles not being updated problem (which
presumably will eventually get fixed) and 2. the increasing default use
of ssl transfers by upstream mirrors (an issue that is only going to get
worse). An example is pypi.python.org.

There is a fairly simple fix for 10.5 and 10.4 users: they can manually
update the system curl certificate bundle. (For 10.6 and above, the
system curl does not have its own certificates.) If an up-to-date
MacPorts curl port is installed, it is pretty trivial; see
https://trac.macports.org/ticket/43172#comment:8. Otherwise, they could
download the bundle from somewhere, for example,
http://curl.haxx.se/docs/caextract.html.

I think it would be very helpful to add something about this somewhere,
perhaps in the new website under the OS-version-specific sections. Even
better, in addition a check or warning could be added to selfupdate.
--
Ned Deily,
nad at acm.org
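
One way the check suggested above could look, as an added example that is not part of the original message and not MacPorts code. The function names, the 365-day threshold and the use of file modification time as a staleness heuristic are assumptions; the default path is the one named in the post.

```shell
#!/bin/sh
# Added example, not MacPorts code. ca_bundle_status, ca_bundle_warn and the
# 365-day default are assumptions; the default path is the one in the post.
# File age is only a heuristic for "out-of-date": it cannot tell which roots
# are missing, only that the file has not been refreshed in a long time.

ca_bundle_status() {
    bundle=${1:-/usr/share/curl/curl-ca-bundle.crt}
    max_age_days=${2:-365}

    # No readable regular file: curl has no bundle to verify against here.
    if [ ! -f "$bundle" ] || [ ! -r "$bundle" ]; then
        echo missing
        return 0
    fi

    # grep -c exits 1 on zero matches, so keep the "0" and ignore the status.
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    if [ "${certs:-0}" -eq 0 ]; then
        echo empty
        return 0
    fi

    # find -mtime +N matches files last modified more than N days ago;
    # -L follows a symlinked bundle to the real file.
    if [ -n "$(find -L "$bundle" -mtime +"$max_age_days" 2>/dev/null)" ]; then
        echo stale
    else
        echo ok
    fi
}

# Print a warning on stderr and return 1 unless the bundle looks usable.
ca_bundle_warn() {
    state=$(ca_bundle_status "$@")
    case $state in
        ok) return 0 ;;
        *)  echo "warning: curl CA bundle ${1:-/usr/share/curl/curl-ca-bundle.crt} is $state;" \
                 "https downloads may fail certificate verification" >&2
            return 1 ;;
    esac
}
```

Calling `ca_bundle_warn` with no arguments checks the system path from the post. A stale result means the bundle should be refreshed, not that certificate verification should be turned off.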