[MacPorts] #38369: curl: missing Secure Transport (darwinssl) support

Tue Mar 12 13:28:48 PDT 2013

#38369: curl: missing Secure Transport (darwinssl) support
-----------------------------------+--------------------------
  Reporter:  macports-trac-phil@…  |      Owner:  ryandesign@…
      Type:  enhancement           |     Status:  new
  Priority:  Normal                |  Milestone:
 Component:  ports                 |    Version:  2.1.3
Resolution:                        |   Keywords:
      Port:  curl                  |
-----------------------------------+--------------------------
Changes (by larryv@…):

 * keywords:  ssl darwinssl =>
 * owner:  macports-tickets@… => ryandesign@…

Old description:

> Per <http://daniel.haxx.se/blog/2012/06/28/darwin-native-ssl-for-curl/>
> the curl project has supported using Apple's native Secure Transport
> facility for SSL since 7.27.0; we're currently on 7.29.0.
>
> With Secure Transport, the system keychain is used for trust anchors;
> this is sufficient benefit that I think it worth supporting a third SSL-
> related build variant.
>
> "This ninth supported SSL library is now called ‘darwinssl’ in the curl
> code base." -- on this basis, I called the variant in the attached patch
> "darwinssl"; this is my first upstream contribution for MacPorts and I'm
> not aware of how to constrain this option to be available only on darwin,
> given that the port declares it is also appropriate for FreeBSD.  I'm
> using curl built this way now.
>
> % port installed curl
> The following ports are currently installed:
>   curl @7.29.0_0+ares+darwinssl (active)
>   curl @7.29.0_0+ares+sftp_scp+ssl
> % curl --version
> curl 7.29.0 (x86_64-apple-darwin12.2.1) libcurl/7.29.0 SecureTransport
> zlib/1.2.7 c-ares/1.7.5 libidn/1.26
> Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s
> rtsp smtp smtps telnet tftp
> Features: AsynchDNS IDN IPv6 Largefile NTLM NTLM_WB SSL libz
>
> I can retrieve content from a site using a cert for a local CA that is
> installed in the keychains.

New description:

 Per http://daniel.haxx.se/blog/2012/06/28/darwin-native-ssl-for-curl/ the
 curl project has supported using Apple's native Secure Transport facility
 for SSL since 7.27.0; we're currently on 7.29.0.

 With Secure Transport, the system keychain is used for trust anchors; this
 is sufficient benefit that I think it worth supporting a third SSL-related
 build variant.

 "This ninth supported SSL library is now called ‘darwinssl’ in the curl
 code base." -- on this basis, I called the variant in the attached patch
 "darwinssl"; this is my first upstream contribution for MacPorts and I'm
 not aware of how to constrain this option to be available only on darwin,
 given that the port declares it is also appropriate for FreeBSD.  I'm
 using curl built this way now.

 {{{
 % port installed curl
 The following ports are currently installed:
   curl @7.29.0_0+ares+darwinssl (active)
   curl @7.29.0_0+ares+sftp_scp+ssl
 % curl --version
 curl 7.29.0 (x86_64-apple-darwin12.2.1) libcurl/7.29.0 SecureTransport
 zlib/1.2.7 c-ares/1.7.5 libidn/1.26
 Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp
 smtp smtps telnet tftp
 Features: AsynchDNS IDN IPv6 Largefile NTLM NTLM_WB SSL libz
 }}}

 I can retrieve content from a site using a cert for a local CA that is
 installed in the keychains.

--

Comment:

 Thanks for the ticket. In the future, please Cc relevant port maintainers
 and use [[WikiFormatting]].

-- 
Ticket URL: <https://trac.macports.org/ticket/38369#comment:1>
MacPorts <http://www.macports.org/>
Ports system for OS X