Yeap, if I do the curl with the --cacert option pointing to the crt bundle I downloaded, it works. But I see the StartCom certificates in my keyring, any ideas?
ps. What I have done:
$ /usr/bin/curl -s https://api.textmate.org/releases/beta { url = 'https://api.textmate.org/downloads/TextMate_r9383.tbz'; version = '2.0-alpha.9383'; revision = 9383; signee = 'org.textmate.duff'; signature = 'MCwCFHEs86+9exh//OyZhfSLTHuvYOYtAhQcLMTtomn8wLMhYA2jfK7COcHtUA=='; }
$ /usr/bin/curl -L -O https://api.textmate.org/downloads/TextMate_r9383.tbz
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
However, if I do
$ export CURL_CA_BUNDLE=/usr/share/curl/curl-ca-bundle.crt # where curl-ca-bundle.crt is assembled from Mozilla, for instance
I can use: $ /usr/bin/curl -L -O https://api.textmate.org/downloads/TextMate_r9383.tbz
and it downloads the file properly.
I tried, then, to use RCEnvironment.prefPane to globally set CURL_CA_BUNDLE, thinking TextMate.app would pick it up, but it fails to register. In addition
So, right now, I can just do a small script to update on demand, but not use the in-app update mechanism...
Any ideas?
El 13/02/2013, a las 06:34, Allan Odgaard mailinglist@textmate.org escribió:
On Feb 12, 2013, at 9:04 PM, Juande Santander Vela juandesant@gmail.com wrote:
[…] I have deactivated the macports curl, and added CAs to the system curl, to no avail […]
TextMate uses libcurl (provided by Apple). I _think_ it uses the certificates in your keychain (OS X doesn’t include a CA bundle for curl by default).
You can try to manually hit the URL over https with /usr/bin/curl to see if that works. The URL for this would be https://api.textmate.org/releases/beta
My signing authority is StartCom: https://startssl.org/
textmate mailing list textmate@lists.macromates.com http://lists.macromates.com/listinfo/textmate
-- Juande Santander Vela VIA-SKA Project Manager Instituto de Astrofísica de Andalucía (IAA-CSIC) Glorieta de la Astronomía s/n, E-18008, Granada, Spain
Hellen Keller: Cuando una puerta a la felicidad se cierra, otra se abre; pero a veces nos quedamos tanto tiempo frente a la puerta cerrada que no vemos la que se nos ha abierto.