daniel:// stenberg://

1 month ago

daniel:// stenberg://
1 month ago

Remember: when you run #curl shipped by Apple with the --cacert flag it won't behave like #curl does everywhere else. As I wrote about last year. I think they're doing it wrong. They think its fine.

daniel.haxx.se/blog/2024/03/08…

the Apple curl security incident 12604

tldr: Apple thinks it is fine. I do not. On December 28 2023, bugreport 12604 was filed in the curl issue tracker. We get a lot issues filed most days so this fact alone was hardly anything out of the ordinary.

^{daniel.haxx.se}

#curl

in reply to daniel:// stenberg://

Maria Matejka

in reply to daniel:// stenberg:// 1 month ago

can't believe they swept it under the carpet this way

my actual thoughts all over this go like there must be some internal Apple tooling which once got broken by using this exact flag, and instead of fixing the tooling, they patched LibreSSL

in reply to Maria Matejka

daniel:// stenberg://

in reply to Maria Matejka 1 month ago

@marenamat yeah, feels likely. And as they now have shipped it like this for a long time, they don't dare changing it because of the risk something breaks then.

@Maria Matejka

in reply to daniel:// stenberg://

chris

in reply to daniel:// stenberg:// 1 month ago

Sounds like a reason why FOSS projects also need trademark protection, to prevent others from passing off their thing as the real thing.

in reply to daniel:// stenberg://

Teixi

in reply to daniel:// stenberg:// 1 month ago

oh no! those bigcorps still abusing oss instead of facilitating and sponsoring it….

appl grotesque hypocrisy not being open to dialogue towards interoperability consensus…

yet windos still worse with obstruction by pirated alias names copying oss commands

curl asks for something like in ‘git for windos’ that package & install curl. But allows choosing openssl, or win sec channel?

in reply to daniel:// stenberg://

Out of Control 🇨🇦

in reply to daniel:// stenberg:// 1 month ago

Is it safe to assume that the brew installed curl doesn’t have this issue?

in reply to Out of Control 🇨🇦

daniel:// stenberg://

in reply to Out of Control 🇨🇦 1 month ago

@outofcontrol yes, brew installs the open source versions of curl and its TLS dependency that work correctly

@Out of Control 🇨🇦

in reply to daniel:// stenberg://

Out of Control 🇨🇦

in reply to daniel:// stenberg:// 1 month ago

We have tried to supplant as much aging Apples cli apps with open source versions, whenever possible.

in reply to daniel:// stenberg://

Tom Bortels

in reply to daniel:// stenberg:// 1 month ago

Thank you for sharing this here - I hadn't seen it. It's nice to have concrete reason for my shift off of the apple platform other than "they're being jerks".

(I've been de-emphasizing apple because I kinda believe I should be able to run what I want on my own computers and not be restricted by someone else's business model.)

in reply to daniel:// stenberg://

Tom Bortels

in reply to daniel:// stenberg:// 1 month ago

Thank you for sharing this here - I hadn't seen it. It's nice to have concrete reason for my shift off of the apple platform other than "they're being jerks".

(I've been de-emphasizing apple because I kinda believe I should be able to run what I want on my own computers and not be restricted by someone else's business model.)

⇧

daniel:// stenberg://

daniel:// stenberg:// 1 month ago • •

daniel:// stenberg://
1 month ago