On the iMac (OS 11.6.7):

-rw-r--r-- 1 root wheel 346545 Jan 1 2020 cert.pem

~ $ /usr/bin/curl --version
curl 7.64.1 (x86_64-apple-darwin20.0) libcurl/7.64.1 (SecureTransport) LibreSSL/2.8.3 zlib/1.2.11 nghttp2/1.41.0
Release-Date: 2019-03-27
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS GSS-API HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz MultiSSL NTLM NTLM_WB SPNEGO SSL UnixSockets

Downloads $ /usr/bin/curl -L -v -o tetgen1.5.1.tar.gz https://wias-berlin.de/software/tetgen/1.5/src/tetgen1.5.1.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 62.141.177.111...
* TCP_NODELAY set
* Connected to wias-berlin.de (62.141.177.111) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [228 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [104 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [5152 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [556 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=DE; ST=Berlin; L=Berlin; O=Forschungsverbund Berlin e.V.; OU=Weierstrass-Institut f. Angewandte Analysis u. Stochastik (WIAS); OU=RT; CN=www.wias-berlin.de
*  start date: Aug 4 13:43:33 2021 GMT
*  expire date: Sep 4 13:43:33 2022 GMT
*  subjectAltName: host "wias-berlin.de" matched cert's "wias-berlin.de"
*  issuer: C=DE; O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.; OU=DFN-PKI; CN=DFN-Verein Global Issuing CA
*  SSL certificate verify ok.
> GET /software/tetgen/1.5/src/tetgen1.5.1.tar.gz HTTP/1.1
> Host: wias-berlin.de
> User-Agent: curl/7.64.1
> Accept: */*
>
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0< HTTP/1.1 200 OK
< Date: Fri, 15 Jul 2022 15:43:03 GMT
< Server: Apache-Coyote/1.1
< Strict-Transport-Security: max-age=63072000
< Accept-Ranges: bytes
< ETag: W/"282433-1534863100000"
< Last-Modified: Tue, 21 Aug 2018 14:51:40 GMT
< Content-Type: application/x-gzip
< Content-Length: 282433
<
{ [7906 bytes data]
100  275k  100  275k    0     0   156k      0  0:00:01  0:00:01 --:--:--  156k
* Connection #0 to host wias-berlin.de left intact
* Closing connection 0

Mark Brethen
mark.bret...@gmail.com

> On Jul 15, 2022, at 10:18 AM, Chris Jones <jon...@hep.phy.cam.ac.uk> wrote:
>
> On 15/07/2022 4:16 pm, Mark Brethen wrote:
>> cert.pem has the same date
>
> very surprised ...
>
> and..... does the curl fetch also fail ?
>
>> Mark Brethen
>> mark.bret...@gmail.com
>>> On Jul 15, 2022, at 10:11 AM, Chris Jones <jon...@hep.phy.cam.ac.uk> wrote:
>>>
>>> On 15/07/2022 4:08 pm, Mark Brethen wrote:
>>>> I checked big sur on my iMac, which came installed with big sur. It also
>>>> has version 7.64.1.
>>>
>>> how old is the cert.pem file though ?
>>>
>>> Does the fetch using /usr/bin/curl work there or not ?
>>>
>>> I'm surprised macports is using the native curl. Apple is notorious for not
>>> updating to the latest versions of software with each new OS.
>>>> Mark Brethen
>>>> mark.bret...@gmail.com
>>>>> On Jul 15, 2022, at 9:55 AM, Chris Jones <jon...@hep.phy.cam.ac.uk> wrote:
>>>>>
>>>>> On 15/07/2022 3:49 pm, Mark Brethen wrote:
>>>>>> -rw-r--r-- 1 root wheel 346545 Jan 1 2020 cert.pem
>>>>>
>>>>> The above could be your problem, as that is very old, 2.5 years or so
>>>>> now. It actually pre-dates the public release of macOS 11, which wasn't
>>>>> until November that year, which makes it quite suspicious...
>>>>>
>>>>> In comparison mine is from May this year, on macOS12. I would imagine the
>>>>> same on macOS 11 to be much more up to date than the above.
>>>>>
>>>>> This could be some relic of your big update from OSX10.13 to macOS11...
>>>>>
>>>>> So, I am not sure how, but you need the above to be updated I believe...
>>>>>
>>>>> Have you checked system update to make sure you are fully up to date ?
>>>>>
>>>>> Chris
>>>>>
>>>>>> ~ $ /usr/bin/curl --version
>>>>>> curl 7.64.1 (x86_64-apple-darwin20.0) libcurl/7.64.1 (SecureTransport)
>>>>>> LibreSSL/2.8.3 zlib/1.2.11 nghttp2/1.41.0
>>>>>> Release-Date: 2019-03-27
>>>>>> Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
>>>>>> pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
>>>>>> Features: AsynchDNS GSS-API HTTP2 HTTPS-proxy IPv6 Kerberos Largefile
>>>>>> libz MultiSSL NTLM NTLM_WB SPNEGO SSL UnixSockets
>>>>>> Mark Brethen
>>>>>> mark.bret...@gmail.com
>>>>>>> On Jul 15, 2022, at 9:44 AM, Chris Jones <jon...@hep.phy.cam.ac.uk> wrote:
>>>>>>>
>>>>>>> /etc/ssl/cert.pem