#!/bin/bash
# Build a CA bundle from Mozilla's certdata with curl's mk-ca-bundle.pl
# and install it as /usr/share/curl/ca-bundle.crt.
mkdir /tmp/curl-ca-bundle
cd /tmp/curl-ca-bundle
wget http://curl.haxx.se/download/curl-7.22.0.tar.bz2
# The archive is bzip2-compressed, so extract with j rather than z.
tar xjf curl-7.22.0.tar.bz2
cd curl-7.22.0/lib/
./mk-ca-bundle.pl
if [ ! -d /usr/share/curl/ ]; then
    sudo mkdir -p /usr/share/curl/
else
    # Keep the previous bundle as a backup.
    sudo mv /usr/share/curl/ca-bundle.crt /usr/share/curl/ca-bundle.crt.original
fi
sudo mv ca-bundle.crt /usr/share/curl/ca-bundle.crt
echo
echo "Done!"
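An added example, not part of the original gist: the script above moves the old bundle aside before it knows that mk-ca-bundle.pl produced anything, so a failed run can leave the system without a usable trust store. The sketch below checks the new bundle's PEM structure (it does not parse or verify the certificates themselves) and only then replaces the destination. The function names and the default floor of 50 certificates are assumptions made for this example.

```shell
#!/bin/sh
# Added example: validate a freshly generated CA bundle, then install it
# without ever leaving the destination missing or truncated.

# count_certs FILE: print the number of complete PEM certificate blocks.
# Returns non-zero if BEGIN/END markers are unbalanced or nested, or if a
# block has no base64 body (e.g. the generator was interrupted mid-write).
count_certs() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ { if (inblk) bad = 1; inblk = 1; body = 0; next }
        /^-----END CERTIFICATE-----/   { if (!inblk || !body) bad = 1; else n++; inblk = 0; next }
        inblk && $0 ~ "^[A-Za-z0-9+/=]+$" { body++ }
        END { if (inblk) bad = 1; print n + 0; exit bad + 0 }
    ' "$1"
}

# install_bundle NEW DEST [MIN]: refuse NEW if it is empty, malformed, or
# holds fewer than MIN certificates (default 50, an assumed floor); keep a
# .original backup of DEST if one exists; replace DEST atomically.
install_bundle() {
    new=$1 dest=$2 min=${3:-50}
    [ -s "$new" ] || { echo "missing or empty: $new" >&2; return 1; }
    n=$(count_certs "$new") || { echo "malformed PEM in $new" >&2; return 1; }
    [ "$n" -ge "$min" ] || { echo "only $n certs (< $min) in $new" >&2; return 1; }
    mkdir -p "$(dirname "$dest")" || return 1
    # Back up by copying, and only when a previous bundle is present, so
    # the live file stays in place until the replacement is ready.
    if [ -f "$dest" ]; then cp -p "$dest" "$dest.original" || return 1; fi
    # Write next to the destination, then rename: a rename within one
    # filesystem is atomic, so readers see the old bundle or the new one.
    tmp="$dest.new.$$"
    cp "$new" "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$dest"
}
```

Run from curl's lib/ directory after ./mk-ca-bundle.pl, the call would be install_bundle ca-bundle.crt /usr/share/curl/ca-bundle.crt, with enough privilege to write the destination.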
If @ashutoshrishi's solution is not working, you may need to complete two additional steps.
After running:
wget http://curl.haxx.se/download/curl-7.49.1.tar.gz
tar xzf curl-7.49.1.tar.gz
cd curl-7.49.1/lib/
Check to see if you are receiving the error: Couldn't open certdata.txt: No such file or directory at ./mk-ca-bundle.pl line 126.
If this is the case, open the script and look for the release URL for certdata.
Get the certdata file and place it in the same directory as ./mk-ca-bundle.pl:
wget https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
Finally, run:
./mk-ca-bundle.pl
Don't forget to tell weechat where the new ca-bundle.crt is:
weechat: /set weechat.network.gnutls_ca_file = "~/.weechat/certs/ca-bundle.crt"
You may need to add this file to ~/.weechat/weechat.conf if it does not persist across sessions.
@ElpsySec Thanks much for this
@ElpsySec thank you!
Setting /set weechat.network.gnutls_ca_file "/usr/local/etc/openssl/cert.pem"
as in WeeChat FAQ works for me. Homebrew OpenSSL Caveats says:
==> Caveats
A CA file has been bootstrapped using certificates from the SystemRoots
keychain. To add additional certificates (e.g. the certificates added in
the System keychain), place .pem files in
/usr/local/etc/openssl/certs
and run
/usr/local/opt/openssl/bin/c_rehash
This formula is keg-only, which means it was not symlinked into /usr/local,
because Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries.
If you need to have this software first in your PATH run:
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.zshrc
For compilers to find this software you may need to set:
LDFLAGS: -L/usr/local/opt/openssl/lib
CPPFLAGS: -I/usr/local/opt/openssl/include
For pkg-config to find this software you may need to set:
PKG_CONFIG_PATH: /usr/local/opt/openssl/lib/pkgconfig
Confirming that solution provided by @oblitum works. Many thanks!
@ashutoshrishi @mcmire @mxl I installed curl with brew, then I ran mk-ca-bundle.pl from /usr/local/Cellar/curl/7.50.3/libexec/. I then moved ca-bundle.crt under ~/.weechat/certs/ and set /set weechat.network.gnutls_ca_file "~/.weechat/certs/ca-bundle.crt" in weechat. Yet, I can't connect to any server using SSL.
I have also tried to install openssl (with brew) and set /set weechat.network.gnutls_ca_file "/usr/local/etc/openssl/cert.pem" (source) - but still no luck. Playing with /set irc.server.servername.ssl_dhkey_size does not help either (source). Any ideas?
ps. I am running MacOS 10.11.6 and weechat 1.5 installed with
brew install weechat --with-perl --with-python --with-lua --with-ruby