On macOS populate root CAs via system cert store

CMakeLists.txt

@@ -238,6 +238,7 @@ install(FILES libraries/softfloat/COPYING.txt DESTINATION ${CMAKE_INSTALL_FULL_D
 install(FILES libraries/wasm-jit/LICENSE DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/licenses/eosio/ RENAME LICENSE.wavm)
 install(FILES libraries/fc/secp256k1/upstream/COPYING DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/licenses/eosio/ RENAME LICENSE.secp256k1)
 install(FILES externals/binaryen/LICENSE DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/licenses/eosio/ RENAME LICENSE.binaryen)
+install(FILES libraries/fc/src/network/LICENSE.go DESTINATION ${CMAKE_INSTALL_FULL_DATAROOTDIR}/licenses/eosio/ )
 
 include(installer)
 

programs/cleos/httpc.cpp

@@ -18,6 +18,7 @@
 #include <boost/asio/ssl.hpp>
 #include <fc/variant.hpp>
 #include <fc/io/json.hpp>
+#include <fc/network/platform_root_ca.hpp>
 #include <eosio/chain/exceptions.hpp>
 #include <eosio/http_plugin/http_plugin.hpp>
 #include <eosio/chain_plugin/chain_plugin.hpp>
@@ -229,14 +230,7 @@ namespace eosio { namespace client { namespace http {
       }
       else { //https
          boost::asio::ssl::context ssl_context(boost::asio::ssl::context::sslv23_client);
-#if defined( __APPLE__ )
-         //TODO: this is undocumented/not supported; fix with keychain based approach
-         ssl_context.load_verify_file("/private/etc/ssl/cert.pem");
-#elif defined( _WIN32 )
-         EOS_THROW(http_exception, "HTTPS on Windows not supported");
-#else
-         ssl_context.set_default_verify_paths();
-#endif
+         fc::add_platform_root_cas_to_context(ssl_context);
 
          boost::asio::ssl::stream<boost::asio::ip::tcp::socket> socket(cp.context->ios, ssl_context);
          SSL_set_tlsext_host_name(socket.native_handle(), url.server.c_str());