[MacPorts] #46539: GitHub fetches fail under OSX 10.5 (and presumably 10.4)
MacPorts
noreply at macports.org
Mon Jan 12 15:09:35 PST 2015
#46539: GitHub fetches fail under OSX 10.5 (and presumably 10.4)
--------------------+--------------------------------
Reporter: fw@… | Owner: macports-tickets@…
Type: defect | Status: new
Priority: Low | Milestone:
Component: ports | Version: 2.3.3
Keywords: | Port: macports
--------------------+--------------------------------
While testing the new Portfile for osxfuse, I ran into a problem where my
machines running 10.5 were unable to fetch the distfiles from GitHub due
to an ostensible certificate problem. However, it's not actually a
certificate problem - it's apparently an OpenSSL code version problem.
There are two parts to this problem:
1) Under 10.5, the OSX-provided OpenSSL library (version 0.97l) is too old
for the corresponding curl to work with GitHub. The OpenSSL 0.9.8y
supplied by 10.6 ''server'' works, though I don't know if standard 10.6 is
different. I suspect that the watershed is between 0.9.7 and 0.9.8,
possibly related to "secure renegotiation" support.
2) Even if the curl and openssl ports are installed, MacPorts doesn't use
the newer curl internally.
This isn't a terribly serious problem, since:
1) It can be worked around by adding "fetch.ignore_sslcert=yes" to the
install or fetch command. This is actually quite safe, since the checksum
verification makes MitM attacks on the content pretty pointless, anyway.
2) "Published" ports normally have the distfiles available from the
MacPorts servers, so the GitHub access is unnecessary.
If there isn't a reasonable fix for this, it should probably at least be
documented, to keep others from tearing their hair out while chasing
phantom certificate issues. Due to !#2, it's mainly a port developer
issue, not an end-user issue.
P.S.: Perhaps someone with a vanilla Snow Leopard "client" install could
post the result of "/usr/bin/openssl version".
--
Ticket URL: <https://trac.macports.org/ticket/46539>
MacPorts <https://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list