Re: provide latest OS root certificates via port?

> On Nov 11, 2021, at 23:20, raf wrote: > > or using > the curl binary in the path Never going to happen. We don't want to maintain two code paths for the same purpose.

Re: provide latest OS root certificates via port?

On Tue, Nov 09, 2021 at 09:11:26AM -0600, Ryan Schmidt wrote: > On Nov 7, 2021, at 06:23, Christopher Jones wrote: > > > >>> it uses the libcurl support compiled into macports base, which > >>> defaults to using the system curl. To change that you need to rebuild > >>> base against an updated

Re: provide latest OS root certificates via port?

On Nov 7, 2021, at 06:23, Christopher Jones wrote: > >>> it uses the libcurl support compiled into macports base, which >>> defaults to using the system curl. To change that you need to rebuild >>> base against an updated lib curl. >> >> Is that something that can be made to happen for all

Re: provide latest OS root certificates via port?

> >> it uses the libcurl support compiled into macports base, which >> defaults to using the system curl. To change that you need to rebuild >> base against an updated lib curl. > > Is that something that can be made to happen for all users by the creation > of a new version of something (e.g.,

Re: provide latest OS root certificates via port?

On Fri, Nov 05, 2021 at 09:11:25PM -0400, "Richard L. Hamilton" wrote: > mpstats uses (by default the OS version of) libcurl (which you don't > want to replace like that!) and not the executable, which is why > what you tried didn't work (didn't work for me either when I'd tried > earlier). >

Re: provide latest OS root certificates via port?

On Sat, Nov 06, 2021 at 01:09:50AM +, Christopher Jones wrote: > > > > > Unfortunately, mpstats submit still doesn't work on 10.6.8, > > even with /usr/bin/curl replaced with a symlink to > > /opt/local/bin/curl. I don't understand that. > > /usr/bin/curl https://ports.macports.org works

Re: provide latest OS root certificates via port?

> On 29 Oct 2021, at 17:09, Bill Cole > wrote: > > Yes: Anyone running Mojave or earlier is not exactly skydiving without a > parachute, but is doing something close. Perhaps it's akin to skydiving with > a homemade parachute… To be fair: given that Apple does not announce life cycle for

Re: provide latest OS root certificates via port?

mpstats uses (by default the OS version of) libcurl (which you don't want to replace like that!) and not the executable, which is why what you tried didn't work (didn't work for me either when I'd tried earlier). As things stand, one would have to get the MacPorts source (not a port!) and

Re: provide latest OS root certificates via port?

> > Unfortunately, mpstats submit still doesn't work on 10.6.8, > even with /usr/bin/curl replaced with a symlink to > /opt/local/bin/curl. I don't understand that. > /usr/bin/curl https://ports.macports.org works there with > the symlink in place. mpstat doesn’t use the command line curl

Re: provide latest OS root certificates via port?

On Fri, Nov 05, 2021 at 09:30:28AM -0500, Ryan Schmidt wrote: > On Oct 31, 2021, at 04:37, raf wrote: > > > On 10.14: > > > >> /opt/local/libexec/mpstats submit > > Submitting data to https://ports.macports.org/statistics/submit/ ... > > Error: Peer certificate cannot be authenticated with

Re: provide latest OS root certificates via port?

On Oct 31, 2021, at 04:37, raf wrote: > On 10.14: > >> /opt/local/libexec/mpstats submit > Submitting data to https://ports.macports.org/statistics/submit/ ... > Error: Peer certificate cannot be authenticated with given CA certificates > while executing > "curl post

Re: provide latest OS root certificates via port?

I tried that too, and it didn't work for me either. Turns out from a comment on that ticket I mentioned previously that mpstats and other MacPorts commands (like "port"?) don't use /usr/bin/curl, they have a tcl binding to (by default, the system version of) libcurl. So replacing the executable

Re: provide latest OS root certificates via port?

On Mon, Nov 01, 2021 at 06:37:08AM -0400, "Richard L. Hamilton" wrote: > > > > On Nov 1, 2021, at 03:12, raf wrote: > > > > On Sat, Oct 30, 2021 at 05:49:11AM -0700, Al Varnell via macports-users > > wrote: > > > >> I see that I already have the latest ISRG Root X1 certificate in the >

Re: provide latest OS root certificates via port?

> On Nov 1, 2021, at 03:12, raf wrote: > > On Sat, Oct 30, 2021 at 05:49:11AM -0700, Al Varnell via macports-users > wrote: > >> I see that I already have the latest ISRG Root X1 certificate in the >> System Roots keychain, so not sure why I would need to add it to my >> System keychain. >

Re: provide latest OS root certificates via port?

Sent from my iPad On Nov 1, 2021, at 00:12, raf wrote: >> And when I went to https://letsencrypt.org/certs/isrgrootx1.pem >> to download, it showed up as a .cer instead of a .pem. >> >> -Al- > > That file is in PEM format. > Is it just the filename suffix that is of concern, or the format?

Re: provide latest OS root certificates via port?

On Mon, Nov 01, 2021 at 08:13:14AM +0100, Henning Hraban Ramm wrote: > > > Am 01.11.2021 um 00:32 schrieb raf : > > > > On Sun, Oct 31, 2021 at 11:46:46AM +0100, Henning Hraban Ramm > > wrote: > >> > >> I’m working on a 2013 Mac mini and can’t upgrade further than 10.14 (don’t > >> want

Re: provide latest OS root certificates via port?

> Am 01.11.2021 um 00:32 schrieb raf : > > On Sun, Oct 31, 2021 at 11:46:46AM +0100, Henning Hraban Ramm > wrote: >> >> I’m working on a 2013 Mac mini and can’t upgrade further than 10.14 (don’t >> want to loose my 32 bit software, and I seem too stupid for VMs). >> (I also just upgraded a

Re: provide latest OS root certificates via port?

On Sat, Oct 30, 2021 at 05:49:11AM -0700, Al Varnell via macports-users wrote: > I see that I already have the latest ISRG Root X1 certificate in the > System Roots keychain, so not sure why I would need to add it to my > System keychain. It doesn't sound sensible, does it? I followed those

Re: provide latest OS root certificates via port?

On Sun, Oct 31, 2021 at 07:59:29AM -0400, "Richard L. Hamilton" wrote: > I think you're onto something here. (color highlighting added, not in the > original output) > > sh-3.2$ # 10.14 > sh-3.2$ /usr/bin/curl -sS https://ports.macports.org >/dev/null > curl: (60) SSL certificate problem:

Re: provide latest OS root certificates via port?

On Sun, Oct 31, 2021 at 11:46:46AM +0100, Henning Hraban Ramm wrote: > > > Am 31.10.2021 um 10:37 schrieb raf : > > > > On Fri, Oct 29, 2021 at 09:02:34AM -0700, Michael > > wrote: > > > > And this will happen again and again as every root certificate becomes > > ancient and expires. So it

Re: provide latest OS root certificates via port?

https://trac.macports.org/ticket/61333 is an old ticket about mpstats not reporting on Tiger and Leopard. The problem also exists on Snow Leopard (not just certificates there) and as recently as Mojave (certificates). The general solution IMO is that

Re: provide latest OS root certificates via port?

I have always favoured VMWare over parallels myself, and they now offer a free license for non-commerical usages. https://customerconnect.vmware.com/web/vmware/evalcenter?p=fusion-player-personal > On 31 Oct 2021, at 12:07 pm, Richard L. Hamilton wrote: > > Years ago, creating a (then OS X,

Re: provide latest OS root certificates via port?

Years ago, creating a (then OS X, now macOS) VM under free VirtualBox was a horrid pain (which is why I'm running the relatively expensive but nicer Parallels for that and VMs other than Solaris). But apparently now it's relatively easy. You do need plenty of extra disk space and I'd say 8GB

Re: provide latest OS root certificates via port?

I think you're onto something here. (color highlighting added, not in the original output) sh-3.2$ # 10.14 sh-3.2$ /usr/bin/curl -sS https://ports.macports.org >/dev/null curl: (60) SSL certificate problem: certificate has expired # lines of advice in error message skipped here sh-3.2$

Re: provide latest OS root certificates via port?

> Am 31.10.2021 um 10:37 schrieb raf : > > On Fri, Oct 29, 2021 at 09:02:34AM -0700, Michael wrote: > > And this will happen again and again as every root certificate becomes > ancient and expires. So it would be nice to have an easy way to to keep > a system's root certificates up to date,

Re: provide latest OS root certificates via port?

On Fri, Oct 29, 2021 at 09:02:34AM -0700, Michael wrote: > As a user who spent a week trying to figure out what was going on > with more and more sites not working, making less of the information > out there available to figure out how to solve the expired cert, it > was really painful to find

Re: provide latest OS root certificates via port?

hi all, as much as i appreciate every discussion, i would kindly ask everybody to refrain from posting links pointing at actual downloads my 0.02$ x > On 30 Oct 2021, at 2:49 PM, Al Varnell via macports-users > wrote: > > I see that I already have the latest ISRG Root X1 certificate in the

Re: provide latest OS root certificates via port?

I see that I already have the latest ISRG Root X1 certificate in the System Roots keychain, so not sure why I would need to add it to my System keychain. And when I went to https://letsencrypt.org/certs/isrgrootx1.pem to download, it showed up as a

Re: provide latest OS root certificates via port?

So I found this advice online for updating certs without having to worry about trusting expired old certs. 1. Visit https://letsencrypt.org/certs/isrgrootx1.pem to download the certificate, and save it in the Documents folder. 2. Open Terminal, paste this command, and press enter: sudo

Re: provide latest OS root certificates via port?

> ANY "modern", "secure" OS is an inherent time-death, for no good reason. Yes they are, but for good reasons. People discover vulnerabilities and patch them. Unpatched systems are vulnerable. This happens for all sorts of technical issues, especially PKI. For example, Analysis of SSL

Re: provide latest OS root certificates via port?

> On 30 Oct 2021, at 12:02 am, Richard L. Hamilton wrote: > > I have VMs of a couple of old macOS / OS X versions, because I want continued > access to the features that have been removed in more recent versions (32-bit > user land support in Mojave, ability to run PowerPC apps and

Re: provide latest OS root certificates via port?

On Fri, 29 Oct 2021, Bill Cole wrote: Yes: Anyone running Mojave or earlier is not exactly skydiving without a parachute, but is doing something close. Perhaps it's akin to skydiving with a homemade parachute... Well, my ancient MacBook Pro is stuck on High Sierra; then again I'm careful

Re: provide latest OS root certificates via port?

- Original Message - > From: "Bill Cole" > To: "macports-users Users" > Sent: Friday, October 29, 2021 10:09:45 AM > Subject: Re: provide latest OS root certificates via port? > > On 2021-10-29 at 07:23:38 UTC-0400 (Fri, 29 Oct 2021 07:23:38 -0400)

Re: provide latest OS root certificates via port?

> To: "macports-users Users" > Sent: Friday, October 29, 2021 11:25:56 AM > Subject: Re: provide latest OS root certificates via port? > > > >> On Oct 29, 2021, at 12:02, Michael wrote: >> >> As a user who spent a week trying to figure out what was g

Re: provide latest OS root certificates via port?

There is no such thing as a support contract for that, > and DEC does not exist any more. > > Rich > > - Original Message - > From: "Richard L. Hamilton" > To: "macports-users Users" > Sent: Friday, October 29, 2021 11:25:56 AM > Subject: Re: provide

Re: provide latest OS root certificates via port?

working again. There is no such thing as a support contract for that, and DEC does not exist any more. Rich - Original Message - From: "Richard L. Hamilton" To: "macports-users Users" Sent: Friday, October 29, 2021 11:25:56 AM Subject: Re: provide latest OS root c

Re: provide latest OS root certificates via port?

> On Oct 29, 2021, at 12:02, Michael wrote: > > As a user who spent a week trying to figure out what was going on with more > and more sites not working, making less of the information out there > available to figure out how to solve the expired cert, it was really painful > to find out

Re: provide latest OS root certificates via port?

eplace Apple's tools up to the user. - Original Message - From: "Bill Cole" To: "macports-users Users" Sent: Friday, October 29, 2021 10:09:45 AM Subject: Re: provide latest OS root certificates via port? On 2021-10-29 at 07:23:38 UTC-0400 (Fri, 29 Oct 2021 0

Re: provide latest OS root certificates via port?

ot;macports-users Users" > Sent: Friday, October 29, 2021 10:09:45 AM > Subject: Re: provide latest OS root certificates via port? > > On 2021-10-29 at 07:23:38 UTC-0400 (Fri, 29 Oct 2021 07:23:38 -0400) > Richard L. Hamilton > is rumored to have said: > >> You're (p

Re: provide latest OS root certificates via port?

ers that > CANNOT use newer operating systems or browsers. Sometimes, one has > to work with what one has. > > Rich > > - Original Message - > From: "Bill Cole" > To: "macports-users Users" > Sent: Friday, October 29, 2021 10:09:45 AM >

Re: provide latest OS root certificates via port?

operating systems or browsers. Sometimes, one has to work with what one has. Rich - Original Message - From: "Bill Cole" To: "macports-users Users" Sent: Friday, October 29, 2021 10:09:45 AM Subject: Re: provide latest OS root certificates via port? On 2021-10-29 at 07:23:

Re: provide latest OS root certificates via port?

On 2021-10-29 at 07:23:38 UTC-0400 (Fri, 29 Oct 2021 07:23:38 -0400) Richard L. Hamilton is rumored to have said: You're (probably - seems plausible but I haven't verified it myself) right that that's annoying and fixable. But there's a big reason to think carefully about whether to do that.

Re: provide latest OS root certificates via port?

You're (probably - seems plausible but I haven't verified it myself) right that that's annoying and fixable. But there's a big reason to think carefully about whether to do that. If something is old enough that it isn't receiving certificate updates, it probably isn't receiving security

provide latest OS root certificates via port?

Hi, Users of older Apple OSes that are no longer receiving updates probably noticed that Safari and Chrome-based browsers no longer connect to lots of sites because a crucial root certificate has expired. Answer 1 to