Distfile Mirror Issues
Ryan Schmidt
ryandesign at macports.org
Wed Jul 29 01:29:06 UTC 2020
On Jul 28, 2020, at 13:06, Fred Wright wrote:
> On Tue, 28 Jul 2020, Ryan Schmidt wrote:
>> On Jul 27, 2020, at 18:27, Fred Wright wrote:
> [...]
>>> DEBUG: Fetching distfile failed: Unknown SSL protocol error in connection to jnb.za.distfiles.macports.org:-9824
>>
>> It appears they've enabled mandatory SSL on this server, which they weren't doing before.
>>
>> They've forgotten to add the MacPorts hostnames to the SSL certificate, so we can't connect. I've asked them to add those hostnames.
They've fixed this now.
>> When I use their hostname I'm able to connect using /usr/bin/curl on OS X 10.11 and later but not 10.10 and earlier. This is probably related to which encryption algorithms they've decided to support. Which macOS version were you using?
>
> I normally use 10.9 (though I have many other versions for testing). That sometimes has issues as discussed in:
>
> https://trac.macports.org/ticket/51516
>
> But I thought the idea was that MacPorts' own mirrors should be configured to be compatible with all OS versions that it supports, which is why the compatibility issue usually only arises in connection with port development (before the disfiles have been mirrored).
We haven't ever had an explicit policy that MacPorts mirrors should be configured to be compatible with all OS versions. It just sort of used to be that way, since the mirrors didn't use https. The availability of free SSL certificates through Let's Encrypt changed that, and now we do have some mirrors using SSL, and depending on which algorithms they've configured their mirror to support, that may mean some mirrors can't be used from all versions of macOS.
I'll ask them if they want to enable older algorithms or allow non-https access. If they want to do neither, I'll configure MacPorts to remove that mirror on OS versions that can't connect to it.
More information about the macports-dev
mailing list