Opened 10 years ago

Closed 9 years ago

#43205 closed defect (worksforme)

curl-ca-bundle: fails to verify macports.org certificate

Reported by: mojca (Mojca Miklavec)
Owned by: ryandesign (Ryan Carsten Schmidt)
Priority: Normal
Milestone:
Component: ports
Version: 2.2.99
Keywords:
Cc: landonf (Landon Fuller), neverpanic (Clemens Lang), cooljeanius (Eric Gallager)
Port: curl-ca-bundle

Description

I'm having basically the same problem as described in #42718, except that I have curl-ca-bundle installed and no certsync.

$ sudo port -v sync
--->  Updating the ports tree
Synchronizing local ports tree from file:///Users/me/macports/svn/macports/trunk/dports
Updating '/Users/me/macports/svn/macports/trunk/dports':
svn: E230001: Unable to connect to a repository at URL 'https://svn.macports.org/repository/macports/trunk'
svn: E230001: Server SSL certificate verification failed: certificate has expired
Command failed: /opt/local/bin/svn update --non-interactive /Users/me/macports/svn/macports/trunk/dports
Exit code: 1
Error: Synchronization of the local ports tree failed doing an svn update
...
$ curl https://www.macports.org/
<?xml version="1.0" encoding="utf-8"?>
... works ...
$ openssl s_client -connect www.macports.org:443 -CAfile /opt/local/etc/openssl/cert.pem
CONNECTED(00000003)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify error:num=10:certificate has expired
notAfter=Jan 28 12:00:00 2014 GMT
verify return:0
---
Certificate chain
 0 s:/OU=Domain Control Validated/CN=*.macports.org
   i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - G2
 1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - G2
   i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
---
...
$ port provides /opt/local/etc/openssl/cert.pem
/opt/local/etc/openssl/cert.pem is provided by: curl-ca-bundle

When using certsync instead of curl-ca-bundle it works. When replacing

/opt/local/bin/svn update --non-interactive /Users/me/macports/svn/macports/trunk/dports

by

/usr/bin/svn update --non-interactive /Users/me/macports/svn/macports/trunk/dports

in macports.tcl or when running that command manually (rather than inside macports.tcl) it works as well.

Change History (4)

comment:1 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)

Is this only since upgrading to version @7.36.0? Does @7.35.0 work better?

comment:2 Changed 10 years ago by mojca (Mojca Miklavec)

I uninstalled curl-ca-bundle, installed certsync and it started working.

Then I uninstalled certsync, installed curl-ca-bundle 7.35 and it worked. Then I installed 7.36 again and it worked as well.

The behaviour doesn't seem consistent, so sadly I'm unable to answer your question.

comment:3 Changed 10 years ago by cooljeanius (Eric Gallager)

Cc: egall@… added

Cc Me!

comment:4 Changed 9 years ago by neverpanic (Clemens Lang)

Resolution: worksforme
Status: new → closed

Since we can not reproduce this, and it hasn't come up since, I'm closing this as worksforme.
