[MacPorts] #72080: postgresql16, postgresql17: sslrootcert=system fails
MacPorts
noreply at macports.org
Tue Mar 11 10:22:39 UTC 2025
#72080: postgresql16, postgresql17: sslrootcert=system fails
-----------------------------------------+----------------------
Reporter: jawj | Owner: dgilman
Type: defect | Status: assigned
Priority: Normal | Milestone:
Component: ports | Version: 2.10.5
Resolution: | Keywords:
Port: postgresql16, postgresql17 |
-----------------------------------------+----------------------
Comment (by jawj):
Thanks. I did a small amount of additional digging around
{{{OPENSSLDIR}}}:
{{{
% /opt/local/bin/openssl version -a
...
OPENSSLDIR: "/opt/local/libexec/openssl3/etc/openssl"
...
% ll /opt/local/libexec/openssl3/etc/openssl
...
lrwxr-xr-x 1 root admin 40B 18 Feb 09:02 cert.pem ->
/opt/local/share/curl/curl-ca-bundle.crt
...
% ll /opt/local/share/curl/curl-ca-bundle.crt
ls: /opt/local/share/curl/curl-ca-bundle.crt: No such file or directory
}}}
So then I tried:
{{{
sudo port install curl-ca-bundle
/opt/local/bin/psql17 'postgresql://user:pass@ep-broad-dew-a5k9hi1k.us-
east-2.aws.neon.tech/neondb?sslrootcert=system'
}}}
And now {{{sslrootcert=system}}} works just fine!
So: I think the fix for this problem is probably just to add the port
{{{curl-ca-bundle}}} as a dependency for both the {{{postgresql16}}} and
{{{postgresql17}}} ports. Are you happy to do that?
There's no need to go back further, since Postgres 16 was the first
version to support this connection parameter value.
Of course, there might be a case for adding {{{curl-ca-bundle}}} as a
dependency of {{{openssl3}}} as well/instead. But perhaps the
{{{openssl3}}} maintainers have their own reasons for not doing so.
--
Ticket URL: <https://trac.macports.org/ticket/72080#comment:4>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list