proxytunnel's default cacert directory is always empty on macOS

[deFractal]

Currently, proxytunnel looks by default for a CA certificate file in /etc/ssl/certs, but on current versions of macOS, that directory is always empty. Is there a practical means to alter the formula for proxytunnel on macOS to default instead to the cacert.pem file corresponding to the OpenSSL library the proxytunnel binary is linked against?

So, for example, my scripts which use proxytunnel currently call it with --cacert="$(/usr/local/opt/openssl/bin/openssl version -d | cut -d'"' -f2)/cacert.pem" (though perhaps there's a more elegant way to write this). Currently, that substitution maps to --cacert=/usr/local/etc/[email protected]/cacert.pem. Without that, proxytunnel always fails to validate any certificates. If this were addressed, the --cacert argument could be omitted in this case, because proxytunnel would look there by default.

I'm not sure yet where it would make the most sense to create an issue for this. Recommendations welcome.

[carlocab]

I'd look at their Makefile to see if there's a way to configure the default CA cert location at build time, so we can just do this in the formula.

[deFractal]

Alright, @carlocab, as of this commit, it's configurable in their Makefile now. All we have to do to build the new upstream on macOS (besides having the dependencies in place) is to uncomment the line for "DARWIN" and the four lines for "DARWIN, continued" in the new Makefile.

Now I just have some reading to do before I can begin to draft a PR for Homebrew/homebrew-core. Thank you for pointing me in the right direction.

[carlocab]

Thanks for working on this! Uncommenting those lines won't quite work for us, as I mentioned above, since we don't want to assume in the formula that Homebrew is installed in /usr/local.

Your changes will probably also have to make it into a stable release of proxytunnel before we can use them. Alternatively, we can possibly apply a patch in the formula using the commit from your PR.

[deFractal]

I think I've got how to edit the Makefile to use whichever prefix Homebrew's installed in.

Perhaps something like this?

IIUC, to avoid assuming a /usr/local prefix, the version I just pushed of the linked Makefile requires one other change to the formula besides the URL and hashes, particularly to the second line of the formula's def install block:

    system "make", "prefix=#{prefix}"

[carlocab]

That doesn't quite work, since proxytunnel's install prefix is different from the prefix we want to use for OpenSSL. Don't worry about it -- we can always pass the appropriate OPTFLAGS, etc directly to make.

[deFractal]

Makes sense. Feel free to modify my first attempt there, if you'd like, as it'll be a while before I can get back to it. I'd only tested that it compiles correctly, and I can see now it'd need to be tweaked for make install.