invalid certificate chain during port-fetch
Ryan Schmidt
ryandesign at macports.org
Fri Jan 3 07:22:30 UTC 2020
On Dec 29, 2019, at 10:58, Mojca Miklavec wrote:
> On Sun, 29 Dec 2019 at 13:46, Rainer Müller wrote:
>
>> See also:
>> https://trac.macports.org/ticket/51516
>
> Thinking of it ... the reported/suggested patch doesn't sound as bad after all.
>
> Considering the potential alternatives of:
[snip]
> - shipping our own bundled copy of libcurl (dismissed many times as
> not feasible)
I still believe bundling libcurl and libressl or openssl with MacPorts is the correct solution, as I have previously argued in #51516. There is also a link in that ticket to an implementation, so it is definitely feasible. I have not had the energy to renew the argument in that ticket after the latest objection, and there are only so many ways that I can express the views that I've already expressed there.
> then trying to repeat the download with either ${prefix}/bin/curl or
> ${prefix}/bin/wget or whatever "default curl" points to (which would
> always resolve to /usr/bin/curl if port curl is missing) doesn't sound
> like such a bad idea to me.
[snip]
It is a bad idea in as much as it means we are writing all of our curl code twice: once for libcurl and a second time for the curl program. This is a duplication of effort and presents a great opportunity for us to mess up such that a MacPorts feature works when using libcurl but not when using curl or vice versa.
More information about the macports-dev
mailing list