Hi everyone,
since one of the earliest versions of TextMate 2, I lost the ability to automatically download a new version, getting the error message:
SSL Certificate problem: verify that the CA...
which I assume comes from the similar curl-error: SSL Certificate problem: verify that the CA cert is OK.
I have deactivated the macports curl, and added CAs to the system curl, to no avail. My workaround is to download the versions from the github page, but I'd very much prefer to get automatic download working again.
Any ideas?
Thanks in advance!
On Feb 12, 2013, at 9:04 PM, Juande Santander Vela juandesant@gmail.com wrote:
[…] I have deactivated the macports curl, and added CAs to the system curl, to no avail […]
TextMate uses libcurl (provided by Apple). I _think_ it uses the certificates in your keychain (OS X doesn’t include a CA bundle for curl by default).
You can try to manually hit the URL over https with /usr/bin/curl to see if that works. The URL for this would be https://api.textmate.org/releases/beta
My signing authority is StartCom: https://startssl.org/
Yeap, if I do the curl with the --cacert option pointing to the crt bundle I downloaded, it works. But I see the StartCom certificates in my keyring, any ideas?
ps. What I have done:
$ /usr/bin/curl -s https://api.textmate.org/releases/beta { url = 'https://api.textmate.org/downloads/TextMate_r9383.tbz'; version = '2.0-alpha.9383'; revision = 9383; signee = 'org.textmate.duff'; signature = 'MCwCFHEs86+9exh//OyZhfSLTHuvYOYtAhQcLMTtomn8wLMhYA2jfK7COcHtUA=='; }
$ /usr/bin/curl -L -O https://api.textmate.org/downloads/TextMate_r9383.tbz
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
However, if I do
$ export CURL_CA_BUNDLE=/usr/share/curl/curl-ca-bundle.crt # where curl-ca-bundle.crt is assembled from Mozilla, for instance
I can use: $ /usr/bin/curl -L -O https://api.textmate.org/downloads/TextMate_r9383.tbz
and it downloads the file properly.
I tried, then, to use RCEnvironment.prefPane to globally set CURL_CA_BUNDLE, thinking TextMate.app would pick it up, but it fails to register. In addition
So, right now, I can just do a small script to update on demand, but not use the in-app update mechanism...
Any ideas?
El 13/02/2013, a las 06:34, Allan Odgaard mailinglist@textmate.org escribió:
On Feb 12, 2013, at 9:04 PM, Juande Santander Vela juandesant@gmail.com wrote:
[…] I have deactivated the macports curl, and added CAs to the system curl, to no avail […]
TextMate uses libcurl (provided by Apple). I _think_ it uses the certificates in your keychain (OS X doesn’t include a CA bundle for curl by default).
You can try to manually hit the URL over https with /usr/bin/curl to see if that works. The URL for this would be https://api.textmate.org/releases/beta
My signing authority is StartCom: https://startssl.org/
textmate mailing list textmate@lists.macromates.com http://lists.macromates.com/listinfo/textmate
-- Juande Santander Vela VIA-SKA Project Manager Instituto de Astrofísica de Andalucía (IAA-CSIC) Glorieta de la Astronomía s/n, E-18008, Granada, Spain
Hellen Keller: Cuando una puerta a la felicidad se cierra, otra se abre; pero a veces nos quedamos tanto tiempo frente a la puerta cerrada que no vemos la que se nos ha abierto.
On Feb 18, 2013, at 9:41 PM, Juande Santander Vela jdsant@iaa.es wrote:
[…] I tried, then, to use RCEnvironment.prefPane to globally set CURL_CA_BUNDLE, thinking TextMate.app would pick it up, but it fails to register.
Starting with 10.6 or 10.7 OS X no longer reads ~/.MacOSX/environment.plist
The only way to set variables for all your applications is by editing /etc/launchd.conf — e.g. add:
setenv CURL_CA_BUNDLE /usr/share/curl/curl-ca-bundle.crt
This requires a reboot (or maybe just relogin). To do a test you should be able to execute:
echo 'setenv CURL_CA_BUNDLE /usr/share/curl/curl-ca-bundle.crt'|launchctl
Then the next time you launch TextMate (from Finder), it should have the variable set.
Any ideas?
As for the general problem of why curl fails to verify StartCom certificates, I have no idea, but I’m inclined to think something is broken on your system…
On Feb 18, 2013, at 3:49 PM, Allan Odgaard mailinglist@textmate.org wrote:
On Feb 18, 2013, at 9:41 PM, Juande Santander Vela jdsant@iaa.es wrote:
[…] I tried, then, to use RCEnvironment.prefPane to globally set CURL_CA_BUNDLE, thinking TextMate.app would pick it up, but it fails to register.
Starting with 10.6 or 10.7 OS X no longer reads ~/.MacOSX/environment.plist
The only way to set variables for all your applications is by editing /etc/launchd.conf — e.g. add:
Supposedly /etc/paths.d/ works for this too, have not had time to look into it yet though. That would allow to set paths without modifying a config file maintained by who know who or what.
Gerd
setenv CURL_CA_BUNDLE /usr/share/curl/curl-ca-bundle.crt
This requires a reboot (or maybe just relogin). To do a test you should be able to execute:
echo 'setenv CURL_CA_BUNDLE /usr/share/curl/curl-ca-bundle.crt'|launchctl
Then the next time you launch TextMate (from Finder), it should have the variable set.
Any ideas?
As for the general problem of why curl fails to verify StartCom certificates, I have no idea, but I’m inclined to think something is broken on your system…
textmate mailing list textmate@lists.macromates.com http://lists.macromates.com/listinfo/textmate
On Feb 19, 2013, at 12:29 AM, Gerd Knops gerti-textmate@bitart.com wrote:
[…] Starting with 10.6 or 10.7 OS X no longer reads ~/.MacOSX/environment.plist The only way to set variables for all your applications is by editing /etc/launchd.conf […]
Supposedly /etc/paths.d/ works for this too, have not had time to look into it yet though. That would allow to set paths without modifying a config file maintained by who know who or what.
See ‘man path_helper’ for details about this system — it’s only for the PATH and MANPATH variables and require the shell runs the path_helper executable (and interprets the result, which will be “a shell script”).
El 18/02/2013, a las 18:49, Allan Odgaard mailinglist@textmate.org escribió:
On Feb 18, 2013, at 9:41 PM, Juande Santander Vela jdsant@iaa.es wrote:
[…] I tried, then, to use RCEnvironment.prefPane to globally set CURL_CA_BUNDLE, thinking TextMate.app would pick it up, but it fails to register.
Starting with 10.6 or 10.7 OS X no longer reads ~/.MacOSX/environment.plist
OK, discarding the ~/.MacOSX/ and RCEnvironment.prefPane. Thanks for heads up!
The only way to set variables for all your applications is by editing /etc/launchd.conf — e.g. add:
setenv CURL_CA_BUNDLE /usr/share/curl/curl-ca-bundle.crt
This requires a reboot (or maybe just relogin). To do a test you should be able to execute:
echo 'setenv CURL_CA_BUNDLE /usr/share/curl/curl-ca-bundle.crt'|launchctl
Then the next time you launch TextMate (from Finder), it should have the variable set.
Thanks again, I might try this for other things.
Any ideas?
As for the general problem of why curl fails to verify StartCom certificates, I have no idea, but I’m inclined to think something is broken on your system…
It seems something is (not irreversibly) broken in my user account. In a different account TextMate updates, and curl validates... even when /usr/bin/curl-config --ca keeps showing an blank string.
Thanks!
-- Juande Santander Vela VIA-SKA Project Manager Instituto de Astrofísica de Andalucía (IAA-CSIC) Glorieta de la Astronomía s/n, E-18008, Granada, Spain
Scott Adams: "Principio de Dilbert: Los trabajadores más ineficientes son trasladados sistemáticamente allí donde pueden causar un daño menor: la dirección de la empresa."
On Feb 19, 2013, at 7:48 PM, Juande Santander Vela juandesant@gmail.com wrote:
[…] It seems something is (not irreversibly) broken in my user account. In a different account TextMate updates, and curl validates... even when /usr/bin/curl-config --ca keeps showing an blank string.
Maybe your user keychain?
Happened for me once, I tried to copy a keychain from another system, and until I finally decided to just re-install the OS, I had weird issues with some stuff that couldn’t access the keychain or needed me to enter password.
That may have indeed been the case, as this keychain was imported, and credentials to command line tools may pose a problem.
I have moved the keychain elsewhere and renamed it, so that I can have it handy for obscure passwords I could not retrieve in any other way, but generated a new one, and the problem was solved.
Thanks much for the hint!
El 19/02/2013, a las 16:55, Allan Odgaard mailinglist@textmate.org escribió:
On Feb 19, 2013, at 7:48 PM, Juande Santander Vela juandesant@gmail.com wrote:
[…] It seems something is (not irreversibly) broken in my user account. In a different account TextMate updates, and curl validates... even when /usr/bin/curl-config --ca keeps showing an blank string.
Maybe your user keychain?
Happened for me once, I tried to copy a keychain from another system, and until I finally decided to just re-install the OS, I had weird issues with some stuff that couldn’t access the keychain or needed me to enter password.
-- Juande Santander Vela VIA-SKA Project Manager Instituto de Astrofísica de Andalucía (IAA-CSIC) Glorieta de la Astronomía s/n, E-18008, Granada, Spain
Paul Valery: La guerra es una masacre entre gentes que no se conocen para provecho de gentes que sí se conocen pero no se masacran.
-
Allan Odgaard -
Gerd Knops -
Juande Santander Vela -
Juande Santander Vela