Zig only reads CA Certificates from SystemRootCertificates.keychain and not from System.keychain #22700
Labels
bug
Observed behavior contradicts documented or intended behavior
Comments
dreilly1982
added
the
bug
|
I only mentioned zig fetch in the initial issue as this is where I found the issue, and the fetch command doesn't currently have any apparent way to pass the arguments to ignore TLS verification. This is a show stopper for anyone using Zig on machines where their traffic is forced through intercept proxies on MacOS. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Zig Version
0.14.0-dev.2989+bf6ee7cb3
Steps to Reproduce and Observed Behavior
run
zig fetch <url>returnserror: unable to connect to server: TlsInitializationFailedthis is due to a TLS intercept using a coporate signed TLS certificate.Expected Behavior
I am very sure that this was intended as written, however many organizations use TLS intercept on their devices. Allowing to read certificates from both
/System/Library/Keychains/SystemRootCertificates.keychainas well as/Library/Keychains/System.keychainwould allow trusted intercept certificates to be installed in the System keychain, and still be trusted for actions such as "zig build fetch".The text was updated successfully, but these errors were encountered: