invalid certificate chain during port-fetch

René J.V. Bertin rjvbertin at
Sun Dec 29 20:53:36 UTC 2019

Thanks Mojca.

Looking at the quoted ticket I see that I did propose the idea there back in 2016, so maybe I did write the patch after all. Doesn't really matter.

What does matter is that it should be possible to pull a similar trick with libcurl itself provided it is conservative enough in the evolution of its ABI. Load libcurl dynamically, preferably from $prefix/lib but falling back to the system one, and fetch the required functions. Qt does something similar with OpenSSL (which probably involves a much larger number of imports).

FWIW, I'm aware that I'm running an OS that is out of date. One can debate whether or not something like libcurl is supposed to be part of the system, but the argument is moot for those users who are limited to an even older OS version because their hardware doesn't permit upgrading. Of course you can argue that those users can fetch their stuff from the MacPorts mirrors, but isn't finding a software solution for this issue cheaper than having to mirror an ever-increasing amount of copies of stuff readily available elsewhere?


More information about the macports-dev mailing list