homebysix/recipe-robot

macOS 10.14 and Recipe Robot 2.0.0: "curl failure: SSL certificate problem: certificate has expired"

homebysix opened this issue · 0 comments

homebysix commented

Describe the bug
Recipe Robot 2.0.0 depends on curl, and the version of curl that ships with macOS 10.14 does not work with the SSL certificates on certain websites. (Details)

The effect of this is the following incorrect "certificate has expired" warning when Recipe Robot tries to download from an affected website, including MacUpdate (one of two sites where Recipe Robot gets its app descriptions from):

[WARNING] curl failure: SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure. (exit code 60)
    Description (from AlternativeTo): Code combines the streamlined UI of a modern editor with rich code assistance and navigation, and an integrated debugging experience – without the need for a full IDE.

To Reproduce
Steps to reproduce the behavior:

  1. Run Recipe Robot 2.0.0 on macOS 10.14.
  2. Observe the above warning immediately after Getting description... in the output.

The issue can also be reproduced outside of Recipe Robot:

curl -vI https://www.macupdate.com

Expected behavior
No SSL warning should be displayed unless the SSL certificate is actually expired.

Desktop (please complete the following information):

  • macOS: 10.14.5
  • Recipe Robot Version: 2.0.0

Solutions under consideration

  • raising minimum supported OS to 10.15+ for Recipe Robot
  • including a newer version of curl with Recipe Robot, using that instead of the macOS included version
  • suppressing this specific curl SSL warning output if 10.14 is detected