Upgrading from before the latest changes now gets on the openssl port: Error: Failed to activate openssl: Image error: /opt/local/etc/openssl/cert.pem is being used by the active curl-ca-bundle port. Please deactivate this port first, or use 'port -f activate openssl' to force the activation.
Blair > On Oct 13, 2021, at 1:45 AM, Christopher Jones <[email protected]> > wrote: > > Hi, > >> On 13 Oct 2021, at 9:41 am, Aaron Madlon-Kay <[email protected]> wrote: >> >> Thanks. Two questions: >> >> 1. Is it not a problem that the user may not have curl-ca-bundle >> installed? (I guess it would just be a dangling symlink and that's not >> a problem?) > > I figured a dangling sym. link was no worse than anyway not having the file > it pointed at. > >> >> 2. Does openssl10 not need the same workaround? > > yes, and openssl3. Just doing some test builds on these before pushing them. > > Chris > >> >> -Aaron >> >> On Wed, Oct 13, 2021 at 5:35 PM Christopher Jones >> <[email protected]> wrote: >>> >>> >>> Should be addressed by >>> >>> https://github.com/macports/macports-ports/commit/f972290289d1d8370b3ca69554cbcf046c7023fa >>> >>> >>> On 13 Oct 2021, at 9:21 am, Christopher Jones <[email protected]> >>> wrote: >>> >>> >>> Sorry, forget the comment below, read it the wrong way around… >>> >>> >>> >>> On 13 Oct 2021, at 9:00 am, Christopher Jones <[email protected]> >>> wrote: >>> >>> Hi, >>> >>> Howe does >>> >>> /opt/local/libexec/openssl11/etc/openssl/cert.pem >>> >>> get created, as its not actually part of the openssl11 port itself ? >>> >>> Oberon ~/Projects/MacPorts/ports > port contents openssl11 | grep cert.pem >>> Oberon ~/Projects/MacPorts/ports > >>> >>> Chris >>> >>> On 13 Oct 2021, at 5:58 am, Aaron Madlon-Kay <[email protected]> wrote: >>> >>> Hi all. >>> >>> I know there are some important changes being made to the OpenSSL >>> ports. Today I updated my ports and now have the following installed: >>> >>> % port installed name:openssl >>> The following ports are currently installed: >>> openssl @1.1_0 (active) >>> openssl10 @1.0.2u_2 (active) >>> openssl11 @1.1.1l_2 (active) >>> >>> Apparently as a result of this, my Ruby environment (managed by rbenv >>> + ruby-build, both available as ports) seems to no longer be able to >>> connect to HTTPS hosts. >>> >>> By some trial and error, I managed to find that symlinking the certs >>> installed by the curl-ca-bundle port into the new "real" home of >>> OpenSSL solved the problem: >>> >>> sudo ln -s /opt/local/share/curl/curl-ca-bundle.crt >>> /opt/local/libexec/openssl11/etc/openssl/cert.pem >>> >>> Can anyone point me to a better solution? >>> >>> I note that the Ruby OpenSSL module (built under the old OpenSSL port >>> regime) is linked to /opt/local/lib/{libssl,libcrypto}.1.1.dylib. If I >>> rebuild Ruby after updating to the new port regime, it is linked to >>> /opt/local/libexec/openssl11/lib/{libssl,libcrypto}.1.1.dylib. Either >>> way, SSL connections fail unless I symlink cert.pem as above. There >>> are no apparent breakages in the linking itself. >>> >>> Thanks, >>> Aaron >>> >>> >>> >>> >
