You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
One way is to use CGO and the API suggested by #204 (comment), which would get the system CA certificates, system CA certificates configured in /Library, and CA certificates trusted in ~/Library/Keychains/login.keychain.
Alternately, we can use the method used by https://golang.org/src/crypto/x509/root_darwin.go and just shell out to call security find-certificate -a -p ~/Library/Keychains/login.keychain, and this would get you ONLY the certificates in the local keychain.
Since the user can no longer add certificates to the system root certificates without disabling software integrity protection as of El Capitan.
One way is to use CGO and the API suggested by #204 (comment), which would get the system CA certificates, system CA certificates configured in
/Library
, and CA certificates trusted in~/Library/Keychains/login.keychain
.Alternately, we can use the method used by https://golang.org/src/crypto/x509/root_darwin.go and just shell out to call
security find-certificate -a -p ~/Library/Keychains/login.keychain
, and this would get you ONLY the certificates in the local keychain.Caling
SecTrustCopyCustomAnchorCertificates
seems somewhat more correct, since it will get us not only which certificate the user trusts in the user login keychain, as well as all the system roots that the user trusts (the user can set per-user trust of system certificates).Both probably mean setting a darwin build flag though.
The text was updated successfully, but these errors were encountered: