On Apr 30, 2014, at 02:42, and.dam...@macports.org wrote:

> Revision: 119549
> Author: and.dam...@macports.org
> Date: 2014-04-30 00:42:17 -0700 (Wed, 30 Apr 2014)
> Log Message
> 
> port weechat: switch to certsync rather than curl-ca-bundle as default CAs 
> provider, #43512
> Modified Paths
> 
>       • trunk/dports/irc/weechat/Portfile
> Diff
> 
> Modified: trunk/dports/irc/weechat/Portfile (119548 => 119549)
> 
> --- trunk/dports/irc/weechat/Portfile 2014-04-30 02:34:25 UTC (rev 119548)
> +++ trunk/dports/irc/weechat/Portfile 2014-04-30 07:42:17 UTC (rev 119549)
> @@ -38,7 +38,7 @@
>                      port:libiconv \
>                      port:ncurses
>  
> -depends_run-append  path:share/curl/curl-ca-bundle.crt:curl-ca-bundle 
> +depends_run-append  path:etc/openssl/cert.pem:certsync
>  
>  configure.args-append \
>                      -DENABLE_GNUTLS=OFF \
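
Review bot: the new `depends_run-append` line uses a `path:` dependency, so any already-installed file at `etc/openssl/cert.pem` satisfies it and certsync is only installed when that file is absent. If the intent is that certsync specifically supplies the trust anchors, say so in a Portfile comment or depend on the port directly. Otherwise, note that any provider of that file is acceptable. The path is also repeated as a literal in the `-DCA_FILE` argument of the next hunk, and defining it once in a variable would keep the dependency and the configured CA file from drifting apart.
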
> @@ -48,7 +48,7 @@
>                      -DENABLE_PYTHON=OFF \
>                      -DENABLE_RUBY=OFF \
>                      -DENABLE_ASPELL=OFF \
> -                    -DCA_FILE=${prefix}/share/curl/curl-ca-bundle.crt
> +                    -DCA_FILE=${prefix}/etc/openssl/cert.pem
>  
>  variant aspell description {Support for aspell} {
>      configure.args-delete   -DENABLE_ASPELL=OFF
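
Review bot: `-DCA_FILE=${prefix}/etc/openssl/cert.pem` is a configure-time argument, and neither hunk in this diff touches the port's `revision`. Builds that are already installed will therefore keep the old `share/curl/curl-ca-bundle.crt` path compiled in until something else forces a rebuild. Bump `revision` in the same commit so existing installs pick up the new CA file, and consider a comment next to `-DCA_FILE` recording why this trust store was chosen, since the default it sets determines which CAs weechat accepts for TLS connections.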

So far we’ve been defaulting to curl-ca-bundle in other ports. The plan was to 
default to certsync after the problems had been ironed out, and for a brief 
time, they were, but then an update to certsync made it incompatible with 
Leopard and Tiger, and since it synchronizes with the system certificates, 
which on Leopard and Tiger are quite outdated, there’s concern that users of 
older systems would not be able to access web sites secured by newer 
certificate authorities, or those who have had to replace their certificates 
(e.g. due to Heartbleed). But because certsync synchronizes with the system 
certificates, it means users with custom (e.g. corporate) certificates can use 
them, which curl-ca-bundle doesn’t have a provision for. So neither port is 
perfect right now, and I’m not aware of anything being done to fix either of 
them.



_______________________________________________
macports-dev mailing list
macports-dev@lists.macosforge.org
https://lists.macosforge.org/mailman/listinfo/macports-dev
