Recent OpenSSL changes and CA certs

Christopher Jones jonesc at hep.phy.cam.ac.uk
Wed Oct 13 08:00:49 UTC 2021


Hi,

Howe does

/opt/local/libexec/openssl11/etc/openssl/cert.pem

get created, as its not actually part of the openssl11 port itself ?

Oberon ~/Projects/MacPorts/ports > port contents openssl11 | grep cert.pem
Oberon ~/Projects/MacPorts/ports >

Chris

> On 13 Oct 2021, at 5:58 am, Aaron Madlon-Kay <amake at macports.org> wrote:
> 
> Hi all.
> 
> I know there are some important changes being made to the OpenSSL
> ports. Today I updated my ports and now have the following installed:
> 
> % port installed name:openssl
> The following ports are currently installed:
>  openssl @1.1_0 (active)
>  openssl10 @1.0.2u_2 (active)
>  openssl11 @1.1.1l_2 (active)
> 
> Apparently as a result of this, my Ruby environment (managed by rbenv
> + ruby-build, both available as ports) seems to no longer be able to
> connect to HTTPS hosts.
> 
> By some trial and error, I managed to find that symlinking the certs
> installed by the curl-ca-bundle port into the new "real" home of
> OpenSSL solved the problem:
> 
> sudo ln -s /opt/local/share/curl/curl-ca-bundle.crt
> /opt/local/libexec/openssl11/etc/openssl/cert.pem
> 
> Can anyone point me to a better solution?
> 
> I note that the Ruby OpenSSL module (built under the old OpenSSL port
> regime) is linked to /opt/local/lib/{libssl,libcrypto}.1.1.dylib. If I
> rebuild Ruby after updating to the new port regime, it is linked to
> /opt/local/libexec/openssl11/lib/{libssl,libcrypto}.1.1.dylib. Either
> way, SSL connections fail unless I symlink cert.pem as above. There
> are no apparent breakages in the linking itself.
> 
> Thanks,
> Aaron

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1930 bytes
Desc: not available
URL: <http://lists.macports.org/pipermail/macports-dev/attachments/20211013/6e6c5041/attachment.bin>


More information about the macports-dev mailing list