cannot download distfile for libressl

Rainer Müller raimue at
Fri Feb 10 14:05:58 UTC 2017

On 2017-02-10 03:18, Kastus Shchuka wrote:
> I am trying to upgrade libressl (2.4.5), and as binary package is not
> available yet, port command attempts to build from source but fails
> to retrieve distfile. I am seeing 404 error from all mirrors, and
> from site I am getting this error:
> :notice:fetch --->  Attempting to fetch libressl-2.4.5.tar.gz from
> :debug:fetch Fetching
> distfile failed: SSL peer handshake failed, the server most likely
> requires a client certificate to connect
> I can download the file manually with curl command, it recognizes
> let’s encrypt certificate just fine. I wonder what command does port
> uses for download?

MacPorts uses libcurl from the system. You probably used curl installed
from MacPorts which would also use a SSL library from MacPorts. Try to
replicate the problem with /usr/bin/curl.

This server supports only TLS 1.2, and many more servers are abolishing
older TLS versions for good reasons. If you are using a macOS version
equal or older than 10.7, the SecureTransport/OpenSSL library versions
do not yet support TLS 1.2 and any attempt to connect will fail.

On top of this, distfiles mirroring is known to be broken since we
migrated away from macOS forge.

As a workaround, download the file manually using curl from MacPorts (or
with a browser) and put it to the expected location in
/opt/local/var/macports/distfiles/. See the second line in the output of
'port distfiles libressl' for the exact path.

Also, consider dropping such an old OS version completely. You will
experience more problems of this kind in the future. This version is
unsupported by Apple and has known security problems.


More information about the macports-users mailing list