Ah yes, I know what’s wrong. Cannot right now but will address when I can.
> On 13 Oct 2021, at 4:25 pm, Blair Zajac <[email protected]> wrote: > > Upgrading from before the latest changes now gets on the openssl port: > > Error: Failed to activate openssl: Image error: > /opt/local/etc/openssl/cert.pem is being used by the active curl-ca-bundle > port. Please deactivate this port first, or use 'port -f activate openssl' > to force the activation. > > Blair > >> On Oct 13, 2021, at 1:45 AM, Christopher Jones <[email protected]> >> wrote: >> >> Hi, >> >>>> On 13 Oct 2021, at 9:41 am, Aaron Madlon-Kay <[email protected]> wrote: >>> >>> Thanks. Two questions: >>> >>> 1. Is it not a problem that the user may not have curl-ca-bundle >>> installed? (I guess it would just be a dangling symlink and that's not >>> a problem?) >> >> I figured a dangling sym. link was no worse than anyway not having the file >> it pointed at. >> >>> >>> 2. Does openssl10 not need the same workaround? >> >> yes, and openssl3. Just doing some test builds on these before pushing them. >> >> Chris >> >>> >>> -Aaron >>> >>> On Wed, Oct 13, 2021 at 5:35 PM Christopher Jones >>> <[email protected]> wrote: >>>> >>>> >>>> Should be addressed by >>>> >>>> https://github.com/macports/macports-ports/commit/f972290289d1d8370b3ca69554cbcf046c7023fa >>>> >>>> >>>> On 13 Oct 2021, at 9:21 am, Christopher Jones <[email protected]> >>>> wrote: >>>> >>>> >>>> Sorry, forget the comment below, read it the wrong way around… >>>> >>>> >>>> >>>> On 13 Oct 2021, at 9:00 am, Christopher Jones <[email protected]> >>>> wrote: >>>> >>>> Hi, >>>> >>>> Howe does >>>> >>>> /opt/local/libexec/openssl11/etc/openssl/cert.pem >>>> >>>> get created, as its not actually part of the openssl11 port itself ? >>>> >>>> Oberon ~/Projects/MacPorts/ports > port contents openssl11 | grep cert.pem >>>> Oberon ~/Projects/MacPorts/ports > >>>> >>>> Chris >>>> >>>> On 13 Oct 2021, at 5:58 am, Aaron Madlon-Kay <[email protected]> wrote: >>>> >>>> Hi all. >>>> >>>> I know there are some important changes being made to the OpenSSL >>>> ports. Today I updated my ports and now have the following installed: >>>> >>>> % port installed name:openssl >>>> The following ports are currently installed: >>>> openssl @1.1_0 (active) >>>> openssl10 @1.0.2u_2 (active) >>>> openssl11 @1.1.1l_2 (active) >>>> >>>> Apparently as a result of this, my Ruby environment (managed by rbenv >>>> + ruby-build, both available as ports) seems to no longer be able to >>>> connect to HTTPS hosts. >>>> >>>> By some trial and error, I managed to find that symlinking the certs >>>> installed by the curl-ca-bundle port into the new "real" home of >>>> OpenSSL solved the problem: >>>> >>>> sudo ln -s /opt/local/share/curl/curl-ca-bundle.crt >>>> /opt/local/libexec/openssl11/etc/openssl/cert.pem >>>> >>>> Can anyone point me to a better solution? >>>> >>>> I note that the Ruby OpenSSL module (built under the old OpenSSL port >>>> regime) is linked to /opt/local/lib/{libssl,libcrypto}.1.1.dylib. If I >>>> rebuild Ruby after updating to the new port regime, it is linked to >>>> /opt/local/libexec/openssl11/lib/{libssl,libcrypto}.1.1.dylib. Either >>>> way, SSL connections fail unless I symlink cert.pem as above. There >>>> are no apparent breakages in the linking itself. >>>> >>>> Thanks, >>>> Aaron >>>> >>>> >>>> >>>> >> >
