Let public_key.cacerts_load loads user-trusted certificates on macOS

[pvthuyen]

As the moment, cacerts_load only load certificates from the OS location, i.e. /System/Library/Keychains/SystemRootCertificates.keychain. This lefts out the user-trusted certificates in /Library/Keychains/System.keychain

Describe the solution you'd like
Load certificates from /Library/Keychains/System.keychain in cacerts_load too.

[dgud]

I don't know if this is a good idea, the idea here was that it loads os only provided certs and that you can use public_key:cacerts_load/1 if you want it be handled differently.

[pvthuyen]

Certificates stored in /Library/Keychains/System.keychain are also parts of System Keychain [1]. I think they should be considered as OS provided certs too. Using public_key:cacerts_load/1 is not a possible option for me either as it does not support passing in a .keychain file.

[dgud]

We don't read the files directly on macOS, see https://github.com/erlang/otp/blob/master/lib/public_key/src/pubkey_os_cacerts.erl#L133
you could do the same and write the results to a temporary file and load for now.

[pvthuyen]

Thank you. Can we still consider loading the certs from System Keychain too? User added certificates are stilled being used as OS provided certs for other apps and I think it should be the same case here.

[dgud]

I'm closing this for now.

[randysecrist]

bump on this -> on the mac the system keychain is where most corps dump their certs

[dgud]

See #8844