Opened 14 months ago
Last modified 14 months ago
#68217 new defect
openssl* should have curl-ca-bundle as a dependency
| Reported by: | fhgwright (Fred Wright) | Owned by: | |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | |
| Keywords: | Cc: | ||
| Port: |
Description
Recently, after a port reclaim, I ran across a problem where alpine was complaining ("unable to get local issuer certificate") when accessing an IMAP server via TLS. It appears that the OS-provided root CAs are inadequate, even in a fully updated Ventura. The problem was triggered by the removal of curl-ca-bundle by port reclaim.
Although curl-ca-bundle isn't strictly needed by any openssl port, it does seem to be helpful even in recent OS versions. Since it's a fairly lightweight port, there's probably no good reason not to make it an unconditional dependency (probably just runtime). This should be in in the individual openssl* ports, not the shim port.
A separate question is whether curl-ca-bundle is an appropriate name for something with many uses besides curl. :-)
I forgot to CC the maintainer(s), and don't have access to fix that.