fix: use curl for presigned PUT uploads on macOS

OpenSSL 3.6.x / Python 3.14 on Homebrew has a TLS 1.3 bug that causes SSLV3_ALERT_BAD_RECORD_MAC on direct PUT requests to Cloudflare R2. The bug is in the OpenSSL build, not in our code or R2.

Linux (staging/prod Docker) uses a different OpenSSL build and is unaffected — urllib continues to be used there.

On macOS, dispatch to curl which uses SecureTransport/LibreSSL (the macOS system TLS stack), bypassing the broken Homebrew OpenSSL entirely. No security settings are changed; TLS 1.3 + cert validation still runs via SecureTransport.

sha256:76b358caeca8a3640561420963a6b9eef3b8843b596fc981bf93eeda73098c38 sha

sha256:5dd0ef85677d8b60658d7c8aa7969ba12032360dd34df14e79e6f50b3b4d978b parent

sha256:5634cdad86598b02ff10f0154386d3848fe73155f6511ebf6ef05c7ec1626a6c snapshot

← Older Oldest on task/fix-presigned-upload-macos

All commits

Newer → Latest on task/fix-presigned-upload-macos

0 comments

No comments yet. Be the first to start the discussion.

To add a comment, use the Muse CLI: muse hub commit comment sha256:76b358caeca8a3640561420963a6b9eef3b8843b596fc981bf93eeda73098c38 --body "your comment"

Provenance signed

gabriel

Bump minor

Signature Cryptographically verified

Snapshot

ID sha256:5634cdad86598b02ff10f0154386d3848fe73155f6511ebf6ef05c7ec1626a6c

Files 0

Browse tree at this commit →

Commit

SHA sha256:76b358caeca8a3640561420963a6b9eef3b8843b596fc981bf93eeda73098c38

Parent

sha256:5dd0ef85677d8b60658d7c8aa7969ba12032360dd34df14e79e6f50b3b4d978b

Branch task/fix-presigned-upload-macos