-
-
Save 1stvamp/2158128 to your computer and use it in GitHub Desktop.
| #!/bin/bash | |
| mkdir /tmp/curl-ca-bundle | |
| cd /tmp/curl-ca-bundle | |
| wget http://curl.haxx.se/download/curl-7.22.0.tar.bz2 | |
| tar xzf curl-7.22.0.tar.bz2 | |
| cd curl-7.22.0/lib/ | |
| ./mk-ca-bundle.pl | |
| if [ ! -d /usr/share/curl/ ]; then | |
| sudo mkdir -p /usr/share/curl/ | |
| else | |
| sudo mv /usr/share/curl/ca-bundle.crt /usr/share/curl/ca-bundle.crt.original | |
| fi | |
| sudo mv ca-bundle.crt /usr/share/curl/ca-bundle.crt | |
| echo | |
| echo "Done!" |
@ashutoshrishi Thank you. I got it working as well 😄
The above commands didn't seem to work on El Capitan for me, possibly because of a newer version of Perl I have.
curl 7.22 is old anyway, you'll want to download 7.49 instead:
wget http://curl.haxx.se/download/curl-7.49.1.tar.gz
tar xzf curl-7.49.1.tar.gz
cd curl-7.49.1/lib/
./mk-ca-bundle.pl
thanks mcmire this works perfectly
If you installed curl with brew install curl then mk-ca-bundle.pl is already at /usr/local/Cellar/curl/x.y.z/libexec/mk-ca-bundle.pl.
@ashutoshrishi @mcmire @mxl I installed curl with brew, then I run mk-ca-bundle.pl from /usr/local/Cellar/curl/7.50.3/libexec/.
I then moved ca-bundle.crt under ~/.weechat/certs/ and set /set weechat.network.gnutls_ca_file "~/.weechat/certs/ca-bundle.crt" in weechat.
Yet, I can't connect to any server using SSL.
I have also tried to install openssl (with brew) and set /set weechat.network.gnutls_ca_file "/usr/local/etc/openssl/cert.pem" (source) - but still no luck.
Playing with /set irc.server.servername.ssl_dhkey_sizedoes not help either (source).
Any ideas?
ps. I am running MacOS 10.11.6 and weechat 1.5 installed with brew install weechat --with-perl --with-python --with-lua --with-ruby
If @ashutoshrishi solution is not working, you may need to complete two additional steps.
After running:
wget http://curl.haxx.se/download/curl-7.49.1.tar.gz
tar xzf curl-7.49.1.tar.gz
cd curl-7.49.1/lib/
Check to see if you are receiving the error: Couldn't open certdata.txt: No such file or directory at ./mk-ca-bundle.pl line 126..
If this is the case, open the script and look for the release url for certdata.
Get the certdata file and place it in the same directory as the ./mk-ca-bundle.pl
wget https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
Finally, run:
./mk-ca-bundle.pl
Don't forget to tell weechat where the new ca-bundle.crt is:
weechat: /set weechat.network.gnutls_ca_file = "~/.weechat/certs/ca-bundle.crt"
You may need to add this file to the ~/.weechat/weechat.conf if it does not persist across sessions
@ElpsySec Thanks much for this
@ElpsySec thank you!
Setting /set weechat.network.gnutls_ca_file "/usr/local/etc/openssl/cert.pem" as in WeeChat FAQ works for me. Homebrew OpenSSL Caveats says:
==> Caveats
A CA file has been bootstrapped using certificates from the SystemRoots
keychain. To add additional certificates (e.g. the certificates added in
the System keychain), place .pem files in
/usr/local/etc/openssl/certs
and run
/usr/local/opt/openssl/bin/c_rehash
This formula is keg-only, which means it was not symlinked into /usr/local,
because Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries.
If you need to have this software first in your PATH run:
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.zshrc
For compilers to find this software you may need to set:
LDFLAGS: -L/usr/local/opt/openssl/lib
CPPFLAGS: -I/usr/local/opt/openssl/include
For pkg-config to find this software you may need to set:
PKG_CONFIG_PATH: /usr/local/opt/openssl/lib/pkgconfig
Confirming that solution provided by @oblitum works. Many thanks!
@ashutoshrishi thanks for the detailed response. I got a ssl connection working through this. 👍