Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gnutls: Also bootstrap CA bundle using System keychain #71282

Closed
wants to merge 1 commit into from
Closed

gnutls: Also bootstrap CA bundle using System keychain #71282

wants to merge 1 commit into from

Conversation

Firefishy
Copy link
Contributor

  • Have you followed the guidelines for contributing?
  • Have you checked that there aren't other open pull requests for the same formula update/change?
  • Have you built your formula locally with brew install --build-from-source <formula>, where <formula> is the name of the formula you're submitting?
  • Is your test running fine brew test <formula>, where <formula> is the name of the formula you're submitting?
  • Does your build pass brew audit --strict <formula> (after doing brew install <formula>)?

Add /Library/Keychains/System.keychain to the keychains used for for seeding the cert.pem bundle.

System.keychain is the authorative keychain for organization installed CAs.

SystemRootCertificates.keychain is only for default Apple installed CAs.

Fixes: #5291
Same change for OpenSSL: #71191

@Firefishy
Copy link
Contributor Author

CI failure look to me like a false positive.

@jonchang
Copy link
Contributor

#71191 (comment)

@SMillerDev
Copy link
Member

Can you make sure this has all the changes you made after reviews to the OpenSSL PR?

gnutls: Also bootstrap CA bundle using System keychain
fcc8964 
Add /Library/Keychains/System.keychain to the keychains used for for seeding the cert.pem bundle.

gnutls duplicate of openssl #71191
@Firefishy
Copy link
Contributor Author

Updated per #71191

@Firefishy
Copy link
Contributor Author

Firefishy commented Mar 19, 2021
edited
Loading

@jonchang I think the do-not-merge label can now safely be removed.

SeekingMeaning
SeekingMeaning approved these changes Mar 21, 2021
View reviewed changes
Copy link
Contributor

@SeekingMeaning SeekingMeaning left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work here, @Firefishy! 🌟

@BrewTestBot
Copy link
Member

🤖 A scheduled task has triggered a merge.

@Firefishy Firefishy deleted the gnutls-allow-certs-from-system-keychain branch March 21, 2021 16:50
@Firefishy Firefishy mentioned this pull request Mar 21, 2021
Closed
5 tasks
BrewTestBot pushed a commit that referenced this pull request Mar 23, 2021
@BrewTestBot
libressl: Also bootstrap CA bundle using System keychain
e2c1714 
Add /Library/Keychains/System.keychain to the keychains used for for seeding the cert.pem bundle.

Same has been done for:
* openssl@1.1: #71191
* gnutls: #71282

Closes #73620.

Signed-off-by: Sean Molenaar <1484494+SMillerDev@users.noreply.github.com>
Signed-off-by: BrewTestBot <1589480+BrewTestBot@users.noreply.github.com>
@Firefishy Firefishy mentioned this pull request Mar 29, 2021
Closed
@github-actions github-actions bot added the outdated PR was locked due to age label Apr 21, 2021
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 21, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@SeekingMeaning SeekingMeaning SeekingMeaning approved these changes

Assignees
No one assigned
Labels
outdated PR was locked due to age
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

The description for openssl installation is misleading
5 participants
@Firefishy @jonchang @SMillerDev @BrewTestBot @SeekingMeaning