Ticket #15048 (closed defect: fixed)
curl +ssl doesn't install curl-ca-bundle.crt since 7.18
| Reported by: | dp macports@… | Owned by: | ryandesign@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 1.6.0 |
| Keywords: | | Cc: | |
| Port: | | | |
Description
Curl stopped packaging a certificate file in version 7.18.0 (see http://curl.haxx.se/docs/sslcerts.html). As a result, a clean install of curl +ssl from MacPorts can't verify SSL certificates.
The simplest fix is just to use the file Apple installs. Add one line to the Portfile:
    variant ssl {
        depends_lib-append port:openssl
        configure.args-delete --without-ssl
        configure.args-append --with-ca-bundle=/usr/share/curl/curl-ca-bundle.crt
    }
Change History
comment:2 Changed 5 years ago by jmr@…
- Owner changed from macports-tickets@… to ryandesign@…
Assigning to maintainer.
comment:3 Changed 5 years ago by ryandesign@…
- Status changed from new to assigned
I think I want to handle this by using the "ca-bundle" make target. But that invokes a Perl script which downloads "certdata.txt" from mozilla.org. To ensure that everyone gets the same version of this file, we should download it ourselves by including it in the portfile's distfiles. But that file seems to change often, and I can't find a URL to download a specific version of the file, only the current file. Right now I'm inclined to make a separate port just for the ca-bundle, so that whenever it changes, users don't also have to rebuild all of curl.


It might be cleaner to call /usr/bin/curl-config --ca to get the path to the certificate file.
I'm unclear about MacPorts support for other platforms, but this would have to be resolved some other way there.
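
A check for the failure this ticket describes, as an added example that is not part of the ticket or of the MacPorts port: ask a curl build for its configured CA bundle with `curl-config --ca` and confirm that the file exists and holds at least one PEM certificate. The function names and the `CURL_CONFIG` variable are hypothetical, and counting PEM headers does not validate the certificates themselves.

```shell
#!/bin/sh
# Added example (not MacPorts code): audit the CA bundle a curl build points at.

# ca_bundle_status PATH
# Prints unset, missing, unreadable, empty or ok:<count>; returns 0 only for ok.
ca_bundle_status() {
    bundle=$1
    if [ -z "$bundle" ]; then echo "unset"; return 1; fi
    if [ ! -e "$bundle" ]; then echo "missing"; return 1; fi
    if [ ! -r "$bundle" ]; then echo "unreadable"; return 1; fi
    # Count PEM certificate headers; grep exits 1 on zero matches, hence || true.
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    if [ "$count" -eq 0 ]; then echo "empty"; return 1; fi
    echo "ok:$count"
}

# audit_curl_ca CURL_CONFIG_COMMAND
# Runs "<command> --ca" and reports the state of the bundle it names.
# A build configured without a CA bundle prints an empty path here.
audit_curl_ca() {
    cfg=$1
    bundle=$("$cfg" --ca 2>/dev/null) || { echo "cannot run $cfg"; return 2; }
    printf '%s: ' "${bundle:-<none>}"
    ca_bundle_status "$bundle"
}

# CURL_CONFIG is a hypothetical variable name chosen for this example.
if [ -n "${CURL_CONFIG:-}" ]; then
    audit_curl_ca "$CURL_CONFIG"
fi
```

Run it as `CURL_CONFIG=/usr/bin/curl-config sh script.sh`; any result other than `ok:<count>` means that build has no usable CA bundle at the path it was configured with.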