Recent OpenSSL changes and CA certs
Blair Zajac
blair at orcaware.com
Wed Oct 13 05:40:02 UTC 2021
+jonesc at macports.org
wget also fails after upgrading openssl:
$ wget https://registry.npmjs.org/npm
--2021-10-12 18:21:00-- https://registry.npmjs.org/npm
Resolving registry.npmjs.org (registry.npmjs.org)... 2606:4700::6810:1323, 2606:4700::6810:1923, 2606:4700::6810:1723, ...
Connecting to registry.npmjs.org (registry.npmjs.org)|2606:4700::6810:1323|:443... connected.
ERROR: cannot verify registry.npmjs.org's certificate, issued by ‘CN=Cloudflare Inc ECC CA-3,O=Cloudflare\\, Inc.,C=US’:
Unable to locally verify the issuer's authority.
To connect to registry.npmjs.org insecurely, use `--no-check-certificate’.
> On Oct 12, 2021, at 10:13 PM, Aaron Madlon-Kay <amake at macports.org> wrote:
>
> Forget all that stuff I mentioned about rbenv and ruby-build. I can
> reproduce this with the ruby30 port:
>
> % /opt/local/bin/ruby3.0 -r net/http -e
> 'Net::HTTP.get(URI("https://www.apple.com"))'
> /opt/local/lib/ruby3.0/3.0.0/net/protocol.rb:46:in `connect_nonblock':
> SSL_connect returned=1 errno=0 state=error: certificate verify failed
> (unable to get local issuer certificate) (OpenSSL::SSL::SSLError)
> from /opt/local/lib/ruby3.0/3.0.0/net/protocol.rb:46:in
> `ssl_socket_connect'
> from /opt/local/lib/ruby3.0/3.0.0/net/http.rb:1038:in `connect'
> from /opt/local/lib/ruby3.0/3.0.0/net/http.rb:970:in `do_start'
> from /opt/local/lib/ruby3.0/3.0.0/net/http.rb:959:in `start'
> from /opt/local/lib/ruby3.0/3.0.0/net/http.rb:621:in `start'
> from /opt/local/lib/ruby3.0/3.0.0/net/http.rb:496:in `get_response'
> from /opt/local/lib/ruby3.0/3.0.0/net/http.rb:467:in `get'
> from -e:1:in `<main>'
>
> When working correctly, the above command will exit with no message.
>
> -Aaron
>
More information about the macports-dev
mailing list