Hi, On Mon, Mar 29, 2021 at 09:54:20AM -0600, Gregory Anders wrote: > Does MacPorts provide a mechanism for adding certificates to the MP > version of OpenSSL?
No. > My system keychain contains some certificates used by my work proxy, > which are (obviously) not in the default CA bundle installed by > MacPorts. Right now, while I'm connected to my work proxy I cannot > connect to anything since the CA is not present in the bundle. I > realize I can just append my CA certificate onto > /opt/local/share/curl/curl-ca-bundle.crt, but I'm wondering if there's > a more "official" or "robust" way. Install the certsync port instead of curl-ca-bundle. That will generate /opt/local/share/curl/curl-ca-bundle.crt as an export from your system trust store, and automatically export your workplace root CAs. Note that you'll have to force-uninstall curl-ca-bundle since many ports will depend on it. Having certsync installed is a drop-in replacement, though, and any future installations will have the curl-ca-bundle dependency fulfilled by certsync instead. HTH, Clemens
