Opened 2 years ago

Last modified 14 months ago

#6372 enhancement new

Support native OS X trusted CA database for SSL certificate validation

Reported by: itamar Owned by:
Priority: normal Milestone:
Component: core Keywords:
Cc: Branch:
Author: Launchpad Bug:


This was originally part of #5446, where Glyph wrote:

On OS X, and again, I haven't done this, I believe you just have to call SSLCopyTrustedRoots to get the default trusted SSL CA certificates and then SecCertificateCopyData on the retrieved roots to turn them into DER (which we can then load into any SSL implementation).

Change History (1)

comment:1 Changed 14 months ago by Alex

Here's some code from go which appears to do this: -- based on calling some APIs inside the Security Framework -- based on invoking some CLI program which prints out a bunch of PEM encoded certificates

Note: See TracTickets for help on using tickets.