[MacPorts] #47805: curl @7.42.1_0+ssl, openssl @1.0.2a_0 - SSL certificate problem: unable to get local issuer certificate
MacPorts
noreply at macports.org
Sat May 23 11:49:09 PDT 2015
#47805: curl @7.42.1_0+ssl, openssl @1.0.2a_0 - SSL certificate problem: unable to
get local issuer certificate
---------------------------+--------------------------
Reporter: fabien@… | Owner: ryandesign@…
Type: defect | Status: new
Priority: Normal | Milestone:
Component: ports | Version: 2.3.3
Resolution: | Keywords:
Port: curl openssl |
---------------------------+--------------------------
Comment (by cal@…):
Replying to [comment:8 fabien@…]:
> Ok, but how can we explain that cUrl works when '''certsync''' is
actived, and not with '''curl-ca-bundle''' ?
Easy enough: MacPorts curl uses MacPorts OpenSSL, which is configured to
use `/opt/local/etc/openssl/cert.pem` as default bundle of trusted root
CAs. `certsync` and `curl-ca-bundle` are two ways to provide this file.
`certsync` exports the certificates your OS X considers trusted (including
manually added and excluding manually distrusted or removed ones), while
`curl-ca-bundle` just installs Mozilla's current list of root CAs.
Apple has removed the Equifax root CA, because it was 1024 bit only and
thus no longer considered secure. Mozilla has apparently not done this
yet, but certainly will soon.
--
Ticket URL: <https://trac.macports.org/ticket/47805#comment:10>
MacPorts <https://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list