Open sckott opened 10 years ago
My understanding is that Apple changed the default behavior of curl and other binaries in Mavericks to centralize certificate management in Keychain Access. See http://curl.haxx.se/mail/archive-2013-10/0036.html. I've yet to be able to get a curl command to send the certificate with the request after importing it into Keychain Access, but that certainly doesn't mean it can't be done. Needs some more investigation.
@sckott Yeah, I worked on this some more in the evening, and it seems to be fixed by compiling RCurl against a non-apple version of libcurl, such as the one provided by MacPorts. When I tried curl from MacPorts on the commandline, the SSL connection worked fine too. So the problem seems isolated tothe apple-provided libcurl.
Configuring and installing RCurl with a custom version of libcurl allows everything to work fine. I can now confirm this is a mac Mavericks issue alone, and so I am closing this bug as not an issue with the dataone
library per se. To work around it you must:
sudo port install curl
$ /opt/local/bin/curl --version
curl 7.37.1 (x86_64-apple-darwin13.2.0) libcurl/7.37.1 OpenSSL/1.0.1i zlib/1.2.8 libidn/1.26
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
$ which curl-config
/opt/local/bin/curl-config
install.packages("RCurl", type="source")
Once the new version of RCurl is installed, install devtools
and httr
. When I do this and log in to get my DataONE certificate, all dataone
tests pass.
thanks @mbjones - I'll update my curl
Reopening this curl on mac bug because the workaround no longer works on Yosemite. Need a better solution.
Workaround for now is to use authTokens instead.
If there's already an issue for this, close this...
We realized at the hackathon that default
curl
on Mac (was it just mavericks?) causes authentication to not work, but does if users update to a more recentcurl
. Are there other OSes that are affected? Do Windows users and Linux users have a curl version by default that works?The same issue in ropensci/rnbn#3 where SSL certificates used as well for authentication