The Portfile is in /opt/local/var/db/dports/sources/rsync.rsync.darwinports.org_dpupdate_dports/databases/mysql5, and the line to change is:

--with-unix-socket-path=/private/tmp/mysql.sock \


This should allow software linked to this client to access the running MySQL daemon from the binary version. Build & install:

sudo port -v install mysql5


Then rebuild and reinstall any libraries or programs that were linked to mysql. For me, thats curl, php and ruby…


sudo port -v uninstall curl
sudo port -v install curl +openssl +mysql5

sudo port -v uninstall rb-rubygems
sudo port -v uninstall ruby
sudo port -v install ruby +apache2 +mysql5
sudo port -v install rb-rubygems


PHP Fatal error: Unable to start curl module in Unknown on line 0

This blog points out the reason:

Basically, MySQL saw it fit to link their binary distribution not against OpenSSL (which is probably available on near 100% of unixoid hosts out there), but YaSSL – of which I personally never even heard. Since function names seem to clash between Ya and OpenSSL, we have a nice mixup here that libcurl (which also links against OpenSSL) can’t really digest. It tries to call the YaSSL init function on startup and fails miserably.

I’m pretty sure that work around will be to recompile PHP and possibly curl to link against a Macports version of mysql — although I still intend to keep using the binary install from mysql. I’ll have to build mysql so that it uses the same socket destination as the binary install; either that or modify the start up scripts of the binary install to use the default socket location of the Macports install. I’m not sure when I’ll deal with this…

Next, edit misc/CA.pl. I changed these lines:

$DAYS="-days 1365"; # 3.74 years
$CATOP="./CA";
$DIRMODE = 0755;


Generate a new Certificate Authority (CA), Certificate Request (a.k.a. private key, for our purposes), and Certificate. Keep this in mind:
* use a password you’ll remember
* press Enter to accept the defaults from openssl.cnf
* skip the challenge password by pressing Enter

sudo misc/CA.pl -newca
sudo misc/CA.pl -newreq
sudo misc/CA.pl -signreq


Rename the files to something more appropriate:

sudo mv newkey.pem localhost-key.pem
sudo mv newcert.pem localhost-cert.pem


Unencrypt the private key, so you don’t have to enter a password everytime that apache starts up:

sudo openssl rsa -in localhost-key.pem -out localhost-unenc-key.pem
sudo chown www localhost-unenc-key.pem
sudo chmod 0400 localhost-unenc-key.pem


Now edit the file /opt/local/apache2/conf/extra/httpd-ssl.conf. Here are the lines that I changed:


SSLCertificateFile /opt/local/etc/openssl/localhost-cert.pem
SSLCertificateKeyFile /opt/local/etc/openssl/localhost-unenc-key.pem
SSLCACertificateFile /opt/local/etc/openssl/CA/cacert.pem
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512
SSLSessionCache shmcb:/private/var/log/httpd/ssl_scache(512000)
SSLMutex file:/private/var/log/httpd/ssl_mutex
DocumentRoot "/Library/WebServer/Documents"
ServerName localhost:443
ServerAdmin me@localhost
ErrorLog /private/var/log/httpd/ssl_error_log
TransferLog /private/var/log/httpd/ssl_access_log
CustomLog /private/var/log/httpd/ssl_request_log \


And finally, edit the /opt/local/apache2/conf/httpd.conf file and uncomment the include line:
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

That should be all. Start up apache and check the log files in /private/var/log/httpd. My error_log says:

[Sun Apr 01 11:49:18 2007] [notice] Digest: generating secret for digest authentication ...
[Sun Apr 01 11:49:18 2007] [notice] Digest: done
[Sun Apr 01 11:49:18 2007] [notice] Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.8e
DAV/2 PHP/5.2.1 configured -- resuming normal operations

And my new ssl_error_log has a warning:

[Sun Apr 01 11:49:17 2007] [warn] RSA server certificate is a CA certificate
(BasicConstraints: CA == TRUE !?)


And https://localhost works. Enjoy!