Opened 7 years ago

Closed 7 years ago

#56010 closed defect (fixed)

Default download links for MacPorts installer requires HTTPS

Reported by: mojca (Mojca Miklavec) Owned by: ryandesign (Ryan Carsten Schmidt)
Priority: Normal Milestone:
Component: website Version:
Keywords: Cc: ryandesign (Ryan Carsten Schmidt)
Port:

Description

When users go to https://www.macports.org/install.php#installing and try to download the dmg for installation on an older machine (say, 10.5/ppc), the download link won't work because it requires HTTPS. At least for older systems that's somewhat suboptimal because users don't even know that there's an alternative download location.

Change History (5)

comment:1 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)

If the user is able to reach https://www.macports.org from that old machine (using a newer browser like TenFourFox), they should also be able to reach https://distfiles.macports.org. They're hosted on the same CDN, both with Let's Encrypt SSL certificates.

I guess the problem is that our download links have once again switched from using our distfiles server to using GitHub. Looks like that happened in [7a1bca656b1409bb2b04b3c574bb2e5a2ef850ef/macports-www] when MacPorts 2.4.2 was released, because the files were uploaded to GitHub first, and I added them to the distfiles server later. I would prefer to use our distfiles CDN links for the web site anyway so let's change that back.

comment:2 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)

Cc: ryandesign added

comment:3 Changed 7 years ago by mojca (Mojca Miklavec)

Downloading from distfiles works of course. I thought I was using http protocol, but I need to double-check. I was using Safari in any case.

comment:4 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)

www.macports.org is configured to require https traffic. distfiles.macports.org and packages.macports.org aren't, so that old systems can connect to them.

Tested today, Safari on Leopard can connect to our web site and other servers. Safari on Tiger presents an invalid certificate message, but it you bypass it, it works. It didn't used to be that way; you used to need TenFourTox on Tiger at least and maybe on Leopard, I don't remember. I think the Let's Encrypt certificates we're using now work better on older systems than the GlobalSign certificate we used to use.

comment:5 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)

Owner: set to ryandesign
Resolution: fixed
Status: newclosed

In 05dd2ef68f1a07b13e4bc94f0ad1b533b611bbad/macports-www:

Switch download links back to our distfiles server

Closes: #56010

Note: See TracTickets for help on using tickets.