Merge pull request #5886 from EOSIO/macos_proper_https

On macOS populate root CAs via system cert store

CMakeLists.txt

@@ -238,6 +238,7 @@ install(FILES libraries/softfloat/COPYING.txt DESTINATION ${CMAKE_INSTALL_FULL_D
 install(FILES libraries/wasm-jit/LICENSE DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/licenses/eosio/ RENAME LICENSE.wavm)
 install(FILES libraries/fc/secp256k1/upstream/COPYING DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/licenses/eosio/ RENAME LICENSE.secp256k1)
 install(FILES externals/binaryen/LICENSE DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/licenses/eosio/ RENAME LICENSE.binaryen)
+install(FILES libraries/fc/src/network/LICENSE.go DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/licenses/eosio/ )
 
 include(installer)
 

fc @ 29cd7df7

-Subproject commit b27ff7d4a96cc7bd53485758cfb71e841721be00
+Subproject commit 29cd7df702e79954076461af0eadad2e9d745d44

programs/cleos/httpc.cpp

@@ -18,6 +18,7 @@
 #include <boost/asio/ssl.hpp>
 #include <fc/variant.hpp>
 #include <fc/io/json.hpp>
+#include <fc/network/platform_root_ca.hpp>
 #include <eosio/chain/exceptions.hpp>
 #include <eosio/http_plugin/http_plugin.hpp>
 #include <eosio/chain_plugin/chain_plugin.hpp>
@@ -230,14 +231,7 @@ namespace eosio { namespace client { namespace http {
       }
       else { //https
          boost::asio::ssl::context ssl_context(boost::asio::ssl::context::sslv23_client);
-#if defined( __APPLE__ )
-         //TODO: this is undocumented/not supported; fix with keychain based approach
-         ssl_context.load_verify_file("/private/etc/ssl/cert.pem");
-#elif defined( _WIN32 )
-         EOS_THROW(http_exception, "HTTPS on Windows not supported");
-#else
-         ssl_context.set_default_verify_paths();
-#endif
+         fc::add_platform_root_cas_to_context(ssl_context);
 
          boost::asio::ssl::stream<boost::asio::ip::tcp::socket> socket(cp.context->ios, ssl_context);
          SSL_set_tlsext_host_name(socket.native_handle(), url.server.c_str());