#38369: curl: add Secure Transport (darwinssl) support -----------------------------------+-------------------------- Reporter: macports-trac-phil@… | Owner: ryandesign@… Type: enhancement | Status: assigned Priority: Normal | Milestone: Component: ports | Version: 2.1.3 Resolution: | Keywords: haspatch Port: curl | -----------------------------------+-------------------------- Comment (by macports-trac-phil@…): Changing will no longer use any OpenSSL or GnuTLS certificate stores, so existing setups may break if folks haven't merged certs into the Keychain too? I suspect that changing the default should wait for MacPorts 2.1.4 so that there can be an email notification of the major changes; curl is embedded pretty deeply into many things, as core infrastructure. But then, I'm conservative in these things. The debug output from libcurl is less informative. Most people won't care. Examples of the differing outputs below (second example is from a non-Mac host). Cipher selection will vary, as might be expected. {{{ * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 * Server certificate: sks.spodhuis.org * Server certificate: GlobNIX Certificate Authority 3 }}} vs {{{ * successfully set certificate verify locations: * CAfile: /etc/ssl/cert.pem CApath: none * SSL connection using ECDHE-RSA-AES128-SHA256 * Server certificate: * subject: C=NL; ST=Noord Holland; O=GlobNIX Systems; CN=sks.spodhuis.org; emailAddress=keyserver@spodhuis.org * start date: 2011-08-10 04:59:54 GMT * expire date: 2013-05-01 04:59:54 GMT * subjectAltName: sks.spodhuis.org matched * issuer: C=US; O=GlobNIX Systems; OU=Certification Authority; CN=GlobNIX Certificate Authority 3; emailAddress=certificates@globnix.org * SSL certificate verify ok. }}} -- Ticket URL: <https://trac.macports.org/ticket/38369#comment:5> MacPorts <http://www.macports.org/> Ports system for OS X