[MacPorts] #63740: [apple-pki-bundle] : extend to cover all certificates from "System Roots"
MacPorts
noreply at macports.org
Mon Nov 1 12:27:20 UTC 2021
#63740: [apple-pki-bundle] : extend to cover all certificates from "System Roots"
-------------------------------+--------------------
Reporter: RJVB | Owner: (none)
Type: enhancement | Status: new
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: | Keywords:
Port: apple-pki-bundle |
-------------------------------+--------------------
Comment (by essandess):
Replying to [comment:6 RJVB]:
> Replying to [comment:3 essandess]:
> > ISRG Root X1 is included in Mozilla’s bundle, therefore it’s already
in port {{{curl-ca-bundle}}}. Does this address what you’re looking for?
>
> Not really, because that those certificates typically aren't available
outside of MacPorts
??? These certs are simply downloaded from
https://curl.se/docs/caextract.html.
> I see no evidence in the Portfile that the certificates are actually
being added to any of the OS's certificate stores.
If there’s a circumstance for which a port installs CAs in the System
Keychain, I can’t imagine what that would be. This sounds like a Bad Idea.
Users/Admins should manage their PKI.
--
Ticket URL: <https://trac.macports.org/ticket/63740#comment:9>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list