My system keychain has 172 certificates, ~/.nix-profile/etc/ssl/certs/ca-bundle.crt has 137, and /etc/ssl/cert.pem has 72 (I filtered out expired certificates from all 3 sets).
So probably not ideal, but still a desired improvement because it would be more robust (i.e. support user uninstalling ca-bundle.crt) and bring macOS in line with the other operating systems/distributions, which all get a setting for NIX_SSL_CERT_FILE.
Just only use it as a fallback for when there is no ~/.nix-profile/etc/ssl/certs/ca-bundle.crt, as we don’t know how frequently Apple updates the bundle included with the OS.
@lilyball Will you do a PR for this?