I think gnutls is broken on master for OSX currently, see
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=23503
Cache-Control: max-age=0
Expires: Tue, 05 Jul 2016 14:58:42 GMT
Content-Length: 3104
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en
...
As you said, one of the key points of your patch is this:
- '("gnutls-cli --x509cafile %t -p %p %h"
+ '("gnutls-cli -p %p %h"
+ "gnutls-cli --x509cafile %t -p %p %h"
Which replaces the specific call with a generic call (no CA file
specified). This is probably less secure because it will use the system
CA trustfiles regardless of the user's preferred `gnutls-trustfiles', so
I'd rather not make it the first thing attempted.
Once the libraries are installed, you're all set, they'll be used
automatically.