curl +ssl doesn't install curl-ca-bundle.crt since 7.18

[dp macports@…]

Curl stopped packaging a certificate file in version 7.18.0 (see ​http://curl.haxx.se/docs/sslcerts.html). As a result, a clean install of curl +ssl from MacPorts can't verify SSL certificates.

The simplest fix is just to use the file Apple installs. Add one line to the Portfile:

variant ssl {
    depends_lib-append      port:openssl
    configure.args-delete   --without-ssl
    configure.args-append   --with-ca-bundle=/usr/share/curl/curl-ca-bundle.crt
}

[dp macports@…]

It might be cleaner to call /usr/bin/curl-config --ca to get the path to the certificate file.

I'm unclear about MacPorts support for other platforms, but this would have to be resolved some other way there.

[jmroot (Joshua Root)]

Assigning to maintainer.

[ryandesign (Ryan Carsten Schmidt)]

I think I want to handle this by using the "ca-bundle" make target. But that invokes a perl script which downloads "certdata.txt" from mozilla.org. To ensure that everyone gets the same version of this file, we should download it outselves by including it in the portfile's distfiles. But that file seems to change often, and I can't find a URL to download a specific version of the file, only the current file. Right now I'm inclined to make a separate port just for the ca-bundle, so that whenever it changes, users don't also have to rebuild all of curl.

[ryandesign (Ryan Carsten Schmidt)]

Fixed in r36259. A new version of curl should show up within 12 hours via sudo port selfupdate && port outdated

[(none)]

Milestone Port Bugs deleted