otp icon indicating copy to clipboard operation
otp copied to clipboard
verified publisher icon erlang

Export and load CA entries from both SystemRoot and System keychain on darwin

Open starbelly opened this issue 1 year ago • 3 comments

Is your feature request related to a problem? Please describe. Currently, pubkey_os_cacerts will only load SystemRootCertificates.keychain via the export tool on mac os. This is reasonable, however many companies use an internal CA (or multiple) and install related certificates in System.keychain. It would be a nice to have, to export and load both, to save people time and energy when it comes to figuring out why a tls error occurs, when openssl, curl, etc. work fine.

Describe alternatives you've considered At the moment, when the environment is darwin I export both, write the contents out to a file, and load said file. This works fine. As a better alternative, it would be nice to have public_key:load/1 take either a binary or a file name (as is the case today) to save a write to the file system.

Additional context None.

starbelly avatar Sep 14 '24 16:09 starbelly

P.S. @IngelaAndin I can of course send up a PR for either or, but I wanted to make sure OTP team would accept it first.

starbelly avatar Sep 19 '24 20:09 starbelly

Please do, I think we would accept either or, with some motivation.

I have closed one issue report about this on Darwin before, but when I asked about some motivation I got a link to a random old forum post.

dgud avatar Sep 20 '24 06:09 dgud

@dgud I will open up two PRs, first the one to by default load both keychains, then a second for the ability to load via binary, as I do believe this would be quite useful.

starbelly avatar Sep 22 '24 14:09 starbelly

I believe this should be closed as completed now , if there is anything missing maybe a new issue or PR is warranted.

IngelaAndin avatar Apr 01 '25 11:04 IngelaAndin