Hi, > On 13 Oct 2021, at 9:41 am, Aaron Madlon-Kay <am...@macports.org> wrote: > > Thanks. Two questions: > > 1. Is it not a problem that the user may not have curl-ca-bundle > installed? (I guess it would just be a dangling symlink and that's not > a problem?)
I figured a dangling sym. link was no worse than anyway not having the file it pointed at. > > 2. Does openssl10 not need the same workaround? yes, and openssl3. Just doing some test builds on these before pushing them. Chris > > -Aaron > > On Wed, Oct 13, 2021 at 5:35 PM Christopher Jones > <jon...@hep.phy.cam.ac.uk> wrote: >> >> >> Should be addressed by >> >> https://github.com/macports/macports-ports/commit/f972290289d1d8370b3ca69554cbcf046c7023fa >> >> >> On 13 Oct 2021, at 9:21 am, Christopher Jones <jon...@hep.phy.cam.ac.uk> >> wrote: >> >> >> Sorry, forget the comment below, read it the wrong way around… >> >> >> >> On 13 Oct 2021, at 9:00 am, Christopher Jones <jon...@hep.phy.cam.ac.uk> >> wrote: >> >> Hi, >> >> Howe does >> >> /opt/local/libexec/openssl11/etc/openssl/cert.pem >> >> get created, as its not actually part of the openssl11 port itself ? >> >> Oberon ~/Projects/MacPorts/ports > port contents openssl11 | grep cert.pem >> Oberon ~/Projects/MacPorts/ports > >> >> Chris >> >> On 13 Oct 2021, at 5:58 am, Aaron Madlon-Kay <am...@macports.org> wrote: >> >> Hi all. >> >> I know there are some important changes being made to the OpenSSL >> ports. Today I updated my ports and now have the following installed: >> >> % port installed name:openssl >> The following ports are currently installed: >> openssl @1.1_0 (active) >> openssl10 @1.0.2u_2 (active) >> openssl11 @1.1.1l_2 (active) >> >> Apparently as a result of this, my Ruby environment (managed by rbenv >> + ruby-build, both available as ports) seems to no longer be able to >> connect to HTTPS hosts. >> >> By some trial and error, I managed to find that symlinking the certs >> installed by the curl-ca-bundle port into the new "real" home of >> OpenSSL solved the problem: >> >> sudo ln -s /opt/local/share/curl/curl-ca-bundle.crt >> /opt/local/libexec/openssl11/etc/openssl/cert.pem >> >> Can anyone point me to a better solution? >> >> I note that the Ruby OpenSSL module (built under the old OpenSSL port >> regime) is linked to /opt/local/lib/{libssl,libcrypto}.1.1.dylib. If I >> rebuild Ruby after updating to the new port regime, it is linked to >> /opt/local/libexec/openssl11/lib/{libssl,libcrypto}.1.1.dylib. Either >> way, SSL connections fail unless I symlink cert.pem as above. There >> are no apparent breakages in the linking itself. >> >> Thanks, >> Aaron >> >> >> >>
smime.p7s
Description: S/MIME cryptographic signature