[MacPorts] #38015: OpenSSL 1.0.1d Broken
MacPorts
noreply at macports.org
Mon Feb 11 19:30:52 PST 2013
#38015: OpenSSL 1.0.1d Broken
--------------------------+-------------------
Reporter: dylanryan@… | Owner: mww@…
Type: defect | Status: new
Priority: Normal | Milestone:
Component: ports | Version: 2.1.3
Resolution: | Keywords:
Port: OpenSSL |
--------------------------+-------------------
Comment (by leo@…):
Replying to [ticket:38015 dylanryan@…]:
For
{{{
$ openssl version
OpenSSL 1.0.1e 11 Feb 2013
}}}
wget workaround: add root certificate "OU = Equifax Secure Certificate
Authority, O = Equifax, C = US", for example from /opt/local/share/curl
/curl-ca-bundle.crt
{{{
$ wget --ca-certificate=/opt/local/share/curl/curl-ca-bundle.crt
https://google.com/
$ arch -x86_64 wget --ca-certificate=/opt/local/share/curl/curl-ca-
bundle.crt https://google.com/
$ arch -i386 wget --ca-certificate=/opt/local/share/curl/curl-ca-
bundle.crt https://google.com/
}}}
Both 32-bit & 64-bit version `wget' work fine.
curl & "openssl s_client" workaround: use 32-bit or use RC4-SHA cipher
{{{
$ arch -i386 curl https://google.com/
$ arch -x86_64 curl --ciphers $( openssl ciphers | sed 's/ECDH[^:]*://g' )
https://google.com/
$ arch -i386 openssl s_client -connect www.google.com:443 -CAfile
/opt/local/share/curl/curl-ca-bundle.crt -debug
$ arch -x86_64 openssl s_client -connect www.google.com:443 -CAfile
Equifax\ Secure\ Certificate\ Authority.pem -cipher $( openssl ciphers |
sed 's/ECDH[^:]*://g' )
}}}
--
Ticket URL: <https://trac.macports.org/ticket/38015#comment:16>
MacPorts <http://www.macports.org/>
Ports system for Mac OS
More information about the macports-tickets
mailing list