I was unable to connect to many services this morning, including my own API, via curl on macOS Catalina. I was able to resolve the issue by ensuring I was up to date on security patches, rebooting, then reinstalling openssl and upgrading curl to latest:
essentially, serving a website to older devices that are missing the X1 certificate is broken now that the X3 certificate expired yesterday...
or?
(meaning, it's not a realistic strategy to tell clients to update/upgrade, and the cert-expired page makes you look dodgy, and mavericks ain't never getting a chrome higher than 67 and there are tons of people on that still, so...)
