Re: provide latest OS root certificates via port?

> >> it uses the libcurl support compiled into macports base, which >> defaults to using the system curl. To change that you need to rebuild >> base against an updated lib curl. > > Is that something that can be made to happen for all users by the creation > of a new version of something (e.g.,

Re: port cannot fetch because of expired cert, but cert is OK according to Safari, curl (question related to Mojave / Catalina)

Actually it was more about curl, using that as a reference point to see if it was behaving differently with certificates based on user. André-John Sent from my phone. Envoyé depuis mon téléphone. > On 07 Nov 2021, at 01:03, Kastus Shchuka wrote: > >  > >> On Nov 6, 2021, at 7:53 PM,

Re: port cannot fetch because of expired cert, but cert is OK according to Safari, curl (question related to Mojave / Catalina)

On Nov 7, 2021, at 00:03, Kastus Shchuka wrote: > > On the other hand, it's plain dumb why it works for me. As you can see below, > org.macports.fetch does not use HTTPS, it downloads over HTTP. Certificates > are just irrelevant for that. > > I am not sure what part of macports.conf

Re: port cannot fetch because of expired cert, but cert is OK according to Safari, curl (question related to Mojave / Catalina)

On 2021-11-07 at 06:40:01 UTC-0500 (Sun, 7 Nov 2021 12:40:01 +0100) Gerben Wierda via macports-users is rumored to have said: The reason is libcurl in Mojave which is less permissive than High Sierra. I'm unconvinced of that. I have my own Mojave machines working without a problem after

Re: port cannot fetch because of expired cert, but cert is OK according to Safari, curl (question related to Mojave / Catalina)

Hi. Just out of interest I’ve tried to fetch nsd on my Mojave Absolutely standard MacPorts installation MacBook-Pro:~ mashavecher$ sudo port -d fetch nsd Password: DEBUG: Copying /Users/mashavecher/Library/Preferences/com.apple.dt.Xcode.plist to /opt/local/var/macports/home/Library/Preferences

Re: port cannot fetch because of expired cert, but cert is OK according to Safari, curl (question related to Mojave / Catalina)

The reason is libcurl in Mojave which is less permissive than High Sierra. Sent from my iPhone > On 7 Nov 2021, at 03:08, Kastus Shchuka wrote: > > Something does not add up here. > > High Sierra is older than Mojave, right? I can fetch sources of nsd on High > Sierra without any problems:

Re: port cannot fetch because of expired cert, but cert is OK according to Safari, curl (question related to Mojave / Catalina)

On Sun, 7 Nov 2021, Bill Cole wrote: I have my own Mojave machines working without a problem after removing the bad certificate from /etc/ssl/cert.pem. The one that starts like this: [...] Intrigued, I checked my own: mackie:~ dave$ grep "Not After" /etc/ssl/cert.pem Not

Re: port cannot fetch because of expired cert, but cert is OK according to Safari, curl (question related to Mojave / Catalina)

On 2021-11-07 at 16:29:30 UTC-0500 (Mon, 8 Nov 2021 08:29:30 +1100 (EST)) Dave Horsfall is rumored to have said: On Sun, 7 Nov 2021, Bill Cole wrote: I have my own Mojave machines working without a problem after removing the bad certificate from /etc/ssl/cert.pem. The one that starts like

Re: port cannot fetch because of expired cert, but cert is OK according to Safari, curl (question related to Mojave / Catalina)

On Sun, 7 Nov 2021, Bill Cole wrote: So I wonder how widespread this problem is? The problem in this case is not the existence of the cert in the CA bundle, but the fact that this particular expired cert was used in an alternative validation path and the logic of verification for multi-path