[MacPorts] #46539: GitHub fetches fail under OSX 10.5 (and presumably 10.4)

[MacPorts]

#46539: GitHub fetches fail under OSX 10.5 (and presumably 10.4)
---------------------+--------------------------------
  Reporter:  fw@…    |      Owner:  macports-tickets@…
      Type:  defect  |     Status:  new
  Priority:  Low     |  Milestone:
 Component:  base    |    Version:  2.3.3
Resolution:          |   Keywords:
      Port:          |
---------------------+--------------------------------

Comment (by nad@…):

 "AFAICT, the system root CAs are fine, since I can access GitHub from the
 old versions of Safari and Firefox on 10.5 just fine"

 FWIW, on 10.5 (and earlier), the system OpenSSL and curl do not use the
 same source for root CAs as either Safari or Firefox.  By default, curl
 looks for a certificate bundle file at /usr/share/curl/curl-ca-bundle.crt,
 which you can manually update but, as noted above, that still won't help
 for newer SHA256 certs. The system OpenSSL looks for root CAs in
 /System/Library/OpenSSL.  Starting in 10.6, if no root CA match is found
 in /System/Library/OpenSSL, the system OpenSSL will consult the system
 trust store of certificates via TEA (see https://hynek.me/articles/apple-
 openssl-verification-surprises/ for details).

-- 
Ticket URL: <https://trac.macports.org/ticket/46539#comment:6>
MacPorts <https://www.macports.org/>
Ports system for OS X