[MacPorts] #47805: curl @7.42.1_0+ssl, openssl @1.0.2a_0 - SSL certificate problem: unable to get local issuer certificate

[MacPorts]

#47805: curl @7.42.1_0+ssl, openssl @1.0.2a_0 - SSL certificate problem: unable to
get local issuer certificate
---------------------------+--------------------------
  Reporter:  fabien@…      |      Owner:  ryandesign@…
      Type:  defect        |     Status:  new
  Priority:  Normal        |  Milestone:
 Component:  ports         |    Version:  2.3.3
Resolution:                |   Keywords:
      Port:  curl openssl  |
---------------------------+--------------------------

Comment (by cal@…):

 Replying to [comment:8 fabien@…]:
 > Ok, but how can we explain that cUrl works when '''certsync''' is
 actived, and not with '''curl-ca-bundle'''  ?

 Easy enough: MacPorts curl uses MacPorts OpenSSL, which is configured to
 use `/opt/local/etc/openssl/cert.pem` as default bundle of trusted root
 CAs. `certsync` and `curl-ca-bundle` are two ways to provide this file.
 `certsync` exports the certificates your OS X considers trusted (including
 manually added and excluding manually distrusted or removed ones), while
 `curl-ca-bundle` just installs Mozilla's current list of root CAs.

 Apple has removed the Equifax root CA, because it was 1024 bit only and
 thus no longer considered secure. Mozilla has apparently not done this
 yet, but certainly will soon.

-- 
Ticket URL: <https://trac.macports.org/ticket/47805#comment:10>
MacPorts <https://www.macports.org/>
Ports system for OS X