
Are you having trouble with SSL on El Capitan (OS X 10.11)?
Me too.
Here are the things I know about it right now:
- OS X’s OpenSSL is ancient (0.9.8-ish).
- SecureTransport (OS X’s replacement for OpenSSL) may fall back to using
OpenSSL if the environment variableSSL_CERT_FILEis set. - Lots of places are “cross-signing” their intermediate certs to upgrade from
SHA-1 to SHA-2 for security reasons. - OS X’s OpenSSL cannot handle the intermediate cross-signing and report that
it cannot verify certificates. SecureTransport handles this just fine. - HomeBrew applications usually don’t support
SecureTransport and instead use HomeBrew’s OpenSSL. /usr/bin/curluses SecureTransport directly, unless you set
SSL_CERT_FILE(see above).
Normally, the above is just fine assuming you don’t set the SSL_CERT_FILE
environment variable.







