https://bugs.documentfoundation.org/show_bug.cgi?id=164781
--- Comment #9 from Patrick (volunteer) <[email protected]> --- (In reply to Buovjaga from comment #8) > Let's ask Michael. While we're waiting for how to test this cURL functionality, what I can do is try setting up a simple Xcode project (I will upload it) that extracts the certificate for a particular name (I assume LibreOffice stores a name or hash?) and verifies that it is trusted. I think we can get an X.509 certicate from the macOS Keychain using the following: https://developer.apple.com/documentation/security/storing-a-der-encoded-x-509-certificate?language=objc ...and then verify that it is trusted using the following: https://developer.apple.com/documentation/security/sectrustevaluatewitherror(_:_:)?language=objc Here is where things get hazy for me: once we have a trusted X.509 certificate in memory, can we then pass the memory as a cURL option? I was looking at the following link and was thinking that we use it except that CURLOPT_SSL_VERIFYPEER would be set to 0 (since we already verified trust natively) and sslctx_function() wouldn't do anything and would just return CURLE_OK: https://curl.se/libcurl/c/CURLOPT_SSL_CTX_DATA.html Does that sound reasonable? -- You are receiving this mail because: You are the assignee for the bug.
