Opened 19 months ago

Last modified 7 months ago

#6372 enhancement new

Support native OS X trusted CA database for SSL certificate validation

Reported by: itamar Owned by:
Priority: normal Milestone:
Component: core Keywords:
Cc: Branch:
Author: Launchpad Bug:

Description

This was originally part of #5446, where Glyph wrote:

On OS X, and again, I haven't done this, I believe you just have to call SSLCopyTrustedRoots to get the default trusted SSL CA certificates and then SecCertificateCopyData on the retrieved roots to turn them into DER (which we can then load into any SSL implementation).

Change History (1)

comment:1 Changed 7 months ago by Alex

Here's some code from go which appears to do this:

https://code.google.com/p/go/source/browse/src/pkg/crypto/x509/root_cgo_darwin.go -- based on calling some APIs inside the Security Framework

https://code.google.com/p/go/source/browse/src/pkg/crypto/x509/root_darwin.go -- based on invoking some CLI program which prints out a bunch of PEM encoded certificates

Note: See TracTickets for help on using tickets.