[MacPorts] #38369: curl: add Secure Transport (darwinssl) support
MacPorts
noreply at macports.org
Tue Mar 12 17:06:59 PDT 2013
#38369: curl: add Secure Transport (darwinssl) support
-----------------------------------+--------------------------
Reporter: macports-trac-phil@… | Owner: ryandesign@…
Type: enhancement | Status: assigned
Priority: Normal | Milestone:
Component: ports | Version: 2.1.3
Resolution: | Keywords: haspatch
Port: curl |
-----------------------------------+--------------------------
Comment (by macports-trac-phil@…):
Changing will no longer use any OpenSSL or GnuTLS certificate stores, so
existing setups may break if folks haven't merged certs into the Keychain
too?
I suspect that changing the default should wait for MacPorts 2.1.4 so that
there can be an email notification of the major changes; curl is embedded
pretty deeply into many things, as core infrastructure. But then, I'm
conservative in these things.
The debug output from libcurl is less informative. Most people won't
care. Examples of the differing outputs below (second example is from a
non-Mac host). Cipher selection will vary, as might be expected.
{{{
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: sks.spodhuis.org
* Server certificate: GlobNIX Certificate Authority 3
}}}
vs
{{{
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* SSL connection using ECDHE-RSA-AES128-SHA256
* Server certificate:
* subject: C=NL; ST=Noord Holland; O=GlobNIX Systems;
CN=sks.spodhuis.org; emailAddress=keyserver at spodhuis.org
* start date: 2011-08-10 04:59:54 GMT
* expire date: 2013-05-01 04:59:54 GMT
* subjectAltName: sks.spodhuis.org matched
* issuer: C=US; O=GlobNIX Systems; OU=Certification Authority;
CN=GlobNIX Certificate Authority 3; emailAddress=certificates at globnix.org
* SSL certificate verify ok.
}}}
--
Ticket URL: <https://trac.macports.org/ticket/38369#comment:5>
MacPorts <http://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list