It seems that a number of MacPorts users on 10.5 and 10.4 are running into download problems (for example, https://trac.macports.org/ticket/43172 and https://trac.macports.org/ticket/43307). I believe the root cause is that MacPorts base currently depends on the system-supplied curl and for 10.5 and earlier the default system curl certificate bundle is now woefully out-of-date. Two unrelated things are bringing this to the fore now: 1. the MacPorts distfiles not being updated problem (which presumably will eventually get fixed) and 2. the increasing default use of ssl transfers by upstream mirrors (an issue that is only going to get worse). An example is pypi.python.org. There is a fairly simple fix for 10.5 and 10.4 users: they can manually update the system curl certificate bundle. (For 10.6 and above, the system curl does not have its own certificates.) If an up-to-date MacPorts curl port is installed, it is pretty trivial; see https://trac.macports.org/ticket/43172#comment:8. Otherwise, they could download the bundle from somewhere, for example, http://curl.haxx.se/docs/caextract.html. I think it would be very helpful to add something about this somewhere, perhaps in the new website under the OS-version-specific sections. Even better, in addition a check or warning could be added to selfupdate.
-- Ned Deily, [email protected] _______________________________________________ macports-dev mailing list [email protected] https://lists.macosforge.org/mailman/listinfo/macports-dev
