[TxMt] Re: Failure to update TextMate 2

[Juande Santander Vela]

Yeap, if I do the curl with the --cacert option pointing to the crt bundle I downloaded, it works. But I see the StartCom certificates in my keyring, any ideas?

ps. What I have done:

$ /usr/bin/curl -s https://api.textmate.org/releases/beta
{ url = 'https://api.textmate.org/downloads/TextMate_r9383.tbz'; version = '2.0-alpha.9383'; revision = 9383; signee = 'org.textmate.duff'; signature = 'MCwCFHEs86+9exh//OyZhfSLTHuvYOYtAhQcLMTtomn8wLMhYA2jfK7COcHtUA=='; }

$ /usr/bin/curl -L -O https://api.textmate.org/downloads/TextMate_r9383.tbz

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.



However, if I do

$ export CURL_CA_BUNDLE=/usr/share/curl/curl-ca-bundle.crt # where curl-ca-bundle.crt is assembled from Mozilla, for instance

I can use:
$ /usr/bin/curl -L -O https://api.textmate.org/downloads/TextMate_r9383.tbz

and it downloads the file properly.

I tried, then, to use RCEnvironment.prefPane to globally set CURL_CA_BUNDLE, thinking TextMate.app would pick it up, but it fails to register. In addition 

So, right now, I can just do a small script to update on demand, but not use the in-app update mechanism...

Any ideas?

El 13/02/2013, a las 06:34, Allan Odgaard <mailinglist at textmate.org> escribió:

> On Feb 12, 2013, at 9:04 PM, Juande Santander Vela <juandesant at gmail.com> wrote:
> 
>> […] I have deactivated the macports curl, and added CAs to the system curl, to no avail […]
> 
> TextMate uses libcurl (provided by Apple). I _think_ it uses the certificates in your keychain (OS X doesn’t include a CA bundle for curl by default).
> 
> You can try to manually hit the URL over https with /usr/bin/curl to see if that works. The URL for this would be https://api.textmate.org/releases/beta
> 
> My signing authority is StartCom: https://startssl.org/
> 
> 
> _______________________________________________
> textmate mailing list
> textmate at lists.macromates.com
> http://lists.macromates.com/listinfo/textmate

--
Juande Santander Vela
VIA-SKA Project Manager
Instituto de Astrofísica de Andalucía (IAA-CSIC)
Glorieta de la Astronomía s/n, E-18008, Granada, Spain

Hellen Keller: Cuando una puerta a la felicidad se cierra, otra se abre;  pero a veces nos quedamos tanto tiempo frente a la puerta cerrada que no vemos la que se nos ha abierto.