[MacPorts] #43205: curl-ca-bundle: fails to verify macports.org certificate
MacPorts
noreply at macports.org
Thu Apr 3 14:44:50 PDT 2014
#43205: curl-ca-bundle: fails to verify macports.org certificate
---------------------+----------------------------
Reporter: mojca@… | Owner: ryandesign@…
Type: defect | Status: new
Priority: Normal | Milestone:
Component: ports | Version: 2.2.99
Keywords: | Port: curl-ca-bundle
---------------------+----------------------------
I'm having basically the same problem as described #42718, except that I
have `curl-ca-bundle` installed and no `certsync`.
{{{
$ sudo port -v sync
---> Updating the ports tree
Synchronizing local ports tree from
file:///Users/me/macports/svn/macports/trunk/dports
Updating '/Users/me/macports/svn/macports/trunk/dports':
svn: E230001: Unable to connect to a repository at URL
'https://svn.macports.org/repository/macports/trunk'
svn: E230001: Server SSL certificate verification failed: certificate has
expired
Command failed: /opt/local/bin/svn update --non-interactive
/Users/me/macports/svn/macports/trunk/dports
Exit code: 1
Error: Synchronization of the local ports tree failed doing an svn update
...
}}}
{{{
$ curl https://www.macports.org/
<?xml version="1.0" encoding="utf-8"?>
... works ...
}}}
{{{
$ openssl s_client -connect www.macports.org:443 -CAfile
/opt/local/etc/openssl/cert.pem
CONNECTED(00000003)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root
CA
verify error:num=10:certificate has expired
notAfter=Jan 28 12:00:00 2014 GMT
verify return:0
---
Certificate chain
0 s:/OU=Domain Control Validated/CN=*.macports.org
i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - G2
1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - G2
i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
---
...
}}}
{{{
$ port provides /opt/local/etc/openssl/cert.pem
/opt/local/etc/openssl/cert.pem is provided by: curl-ca-bundle
}}}
When using certsync instead of curl-ca-bundle it works. When replacing
{{{
/opt/local/bin/svn update --non-interactive
/Users/me/macports/svn/macports/trunk/dports
}}}
by
{{{
/usr/bin/svn update --non-interactive
/Users/me/macports/svn/macports/trunk/dports
}}}
in `macports.tcl` or when running that command manually (rather than
inside `macports.tcl`) it works as well.
--
Ticket URL: <https://trac.macports.org/ticket/43205>
MacPorts <http://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list