Opened 10 years ago

Closed 9 years ago

#44796 closed defect (fixed)

certsync @1.0.7: update-ca-certificates does not process custom CAs

Reported by: claviola (Carlos Laviola) Owned by: landonf (Landon Fuller)
Priority: Normal Milestone:
Component: ports Version: 2.3.1
Keywords: Cc: neverpanic (Clemens Lang)
Port: certsync

Description

I have custom root and intermediate CAs I've added to the OS X keychain that work fine with Safari, but are not added to the openssl certificate store. The only CAs that seem to be added are the ones that are part of "System Roots", which isn't modifiable. Besides checking the trust values of these CAs, I've also tried to put them in the local and system stores to no avail.

Change History (5)

comment:1 Changed 10 years ago by larryv (Lawrence Velázquez)

Cc: cal@… added
Owner: changed from macports-tickets@… to landonf@…

comment:2 Changed 10 years ago by landonf (Landon Fuller)

The keychain UI can be buggy when it comes to adding CAs to the appropriate trust settings store.

Do your custom CAs show up if you run the following command?

security dump-trust-settings -d

If not, chances are they aren't in the admin trust settings. You could try adding them directly from the command line (untested!) via:

security add-trusted-cert -d <certfile>

comment:3 Changed 10 years ago by neverpanic (Clemens Lang)

I think this has never worked due to a bug in certsync. Please try again after r124828.

comment:4 in reply to:  3 Changed 10 years ago by landonf (Landon Fuller)

Unfortunately, having to support such ancient OS X releases has made maintaining and testing certsync a real headache :(

Replying to cal@…:

I think this has never worked due to a bug in certsync. Please try again after r124828.

Hrm; definitely worked for me, since I couldn't check anything out at work, etc, without a custom CA being included.

comment:5 Changed 9 years ago by neverpanic (Clemens Lang)

Resolution: fixed
Status: newclosed

I think my change fixed this. Assuming this is the case and closing due to lack of response from creator.

Note: See TracTickets for help on using tickets.