On 2017-02-10 03:18, Kastus Shchuka wrote: > I am trying to upgrade libressl (2.4.5), and as binary package is not > available yet, port command attempts to build from source but fails > to retrieve distfile. I am seeing 404 error from all mirrors, and > from openbsd.org site I am getting this error: > > :notice:fetch ---> Attempting to fetch libressl-2.4.5.tar.gz from > https://ftp.openbsd.org/pub/OpenBSD/LibreSSL :debug:fetch Fetching > distfile failed: SSL peer handshake failed, the server most likely > requires a client certificate to connect > > I can download the file manually with curl command, it recognizes > let’s encrypt certificate just fine. I wonder what command does port > uses for download?
MacPorts uses libcurl from the system. You probably used curl installed from MacPorts which would also use a SSL library from MacPorts. Try to replicate the problem with /usr/bin/curl. This server supports only TLS 1.2, and many more servers are abolishing older TLS versions for good reasons. If you are using a macOS version equal or older than 10.7, the SecureTransport/OpenSSL library versions do not yet support TLS 1.2 and any attempt to connect will fail. https://trac.macports.org/ticket/51516 On top of this, distfiles mirroring is known to be broken since we migrated away from macOS forge. https://trac.macports.org/ticket/53347 As a workaround, download the file manually using curl from MacPorts (or with a browser) and put it to the expected location in /opt/local/var/macports/distfiles/. See the second line in the output of 'port distfiles libressl' for the exact path. Also, consider dropping such an old OS version completely. You will experience more problems of this kind in the future. This version is unsupported by Apple and has known security problems. Rainer
