On 2013-11-28 15:25, Landon Fuller wrote: > certsync is tested and works on 10.6+, and is building successfully on all > the buildbots, and a MacPorts update has now shipped with support for > auto-loading certsync's startup item. I've been running certsync since May > without any noticed ill-effects.
I have been using certsync since you announced it here on the list and so far, I did not experience any problems. I am fine with moving to certsync as the new default. For older OS X versions <=10.5, the certsync port could just depend on the curl-ca-bundle and not install any files. Or should we keep the path: dependency style anyway to allow using curl-ca-bundle as an alternative? > I would like to propose that we move to using certsync by default, as a > replacement for curl-ca-bundle. To briefly rehash the benefits of certsync: > - Uses the CAs Apple provides -- that way MacPorts doesn't have to be > in the business of distributing CA certificates. > - Also includes any custom CAs that the user has added. This is the > case for many people who use internal CAs to sign certificates for their > corporate (or personal) services. > - Automatically updates when the System Keychain(s) or trust settings > are modified. The only catch is that custom added certificates or trust anchors need to be in the system keychain to be picked up by certsync by default. As a side note, as of Mavericks the version of curl distributed by Apple uses SecureTransport instead of OpenSSL and accesses the keychain directly to check for trusted CAs [1]. Due to this, /usr/bin/curl looses some functionality. MacPorts' curl still uses OpenSSL and with certsync it will use the same list of certificates without loosing any functionality. Rainer [1] http://curl.haxx.se/mail/archive-2013-10/0036.html _______________________________________________ macports-dev mailing list macports-dev@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-dev
