Recent OpenSSL changes and CA certs
Christopher Jones
jonesc at hep.phy.cam.ac.uk
Wed Oct 13 08:00:49 UTC 2021
Hi,
Howe does
/opt/local/libexec/openssl11/etc/openssl/cert.pem
get created, as its not actually part of the openssl11 port itself ?
Oberon ~/Projects/MacPorts/ports > port contents openssl11 | grep cert.pem
Oberon ~/Projects/MacPorts/ports >
Chris
> On 13 Oct 2021, at 5:58 am, Aaron Madlon-Kay <amake at macports.org> wrote:
>
> Hi all.
>
> I know there are some important changes being made to the OpenSSL
> ports. Today I updated my ports and now have the following installed:
>
> % port installed name:openssl
> The following ports are currently installed:
> openssl @1.1_0 (active)
> openssl10 @1.0.2u_2 (active)
> openssl11 @1.1.1l_2 (active)
>
> Apparently as a result of this, my Ruby environment (managed by rbenv
> + ruby-build, both available as ports) seems to no longer be able to
> connect to HTTPS hosts.
>
> By some trial and error, I managed to find that symlinking the certs
> installed by the curl-ca-bundle port into the new "real" home of
> OpenSSL solved the problem:
>
> sudo ln -s /opt/local/share/curl/curl-ca-bundle.crt
> /opt/local/libexec/openssl11/etc/openssl/cert.pem
>
> Can anyone point me to a better solution?
>
> I note that the Ruby OpenSSL module (built under the old OpenSSL port
> regime) is linked to /opt/local/lib/{libssl,libcrypto}.1.1.dylib. If I
> rebuild Ruby after updating to the new port regime, it is linked to
> /opt/local/libexec/openssl11/lib/{libssl,libcrypto}.1.1.dylib. Either
> way, SSL connections fail unless I symlink cert.pem as above. There
> are no apparent breakages in the linking itself.
>
> Thanks,
> Aaron
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1930 bytes
Desc: not available
URL: <http://lists.macports.org/pipermail/macports-dev/attachments/20211013/6e6c5041/attachment.bin>
More information about the macports-dev
mailing list