stouset / openssl-osx-ca

Short and simple cronjob to sync OSX Keychain certs to Homebrew installed OpenSSL

openssl-osx-ca

A simple script, intended to be run from cron(1), that syncs a Homebrew-installed OpenSSL CA PEM file with the certificates found in the OS X Keychain.

The installed CA pem file will be made available through the default X.509 store path.

Installation

  • To install via homebrew:

       brew tap raggi/ale
       brew install openssl-osx-ca
  • To install standalone:

       make install PREFIX=/opt/openssl-osx-ca
  • To set the sync frequency, set FREQUENCY when installing; it defaults to @hourly. The value of FREQUENCY must be a supported crontab time specification, e.g.:

       make install FREQUENCY=@daily

Intended use cases

  • Ruby 2.0.0+
  • Other brew installed programs that rely on modern OpenSSL versions

Known limitations

  • openssl s_client does not respect the default cafile. Adding any -CApath argument (even e.g. '?') will cause verification to work.
  • Syncs are only performed once per hour.
  • Syncs may not be sufficiently atomic. There is a small possibility of race conditions that could cause openssl programs to fail. The sync time is very short, so in practice this is unlikely.
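
The atomicity limitation above is the kind of race that staging the new bundle beside the destination and renaming it into place avoids. This is an added example, not the project's script; the function name `install_bundle` and reading the bundle from stdin are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the project's script): replace a CA bundle atomically.
# Reads the new PEM bundle on stdin and installs it at the path given as $1.

install_bundle() {
    dest=$1
    dir=$(dirname "$dest")

    # Stage in the destination directory: rename(2) is only atomic within
    # one filesystem, so a temp file under /tmp would not give that guarantee.
    tmp=$(mktemp "$dir/.cert.pem.XXXXXX") || return 1
    cat > "$tmp" || { rm -f "$tmp"; return 1; }

    # Refuse an empty or truncated export instead of publishing it.
    # grep -c exits non-zero on a count of 0, hence the "|| true".
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$tmp" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$tmp" || true)
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        rm -f "$tmp"
        echo "install_bundle: rejected bundle ($begins BEGIN, $ends END)" >&2
        return 1
    fi

    # mktemp creates the file 0600; the bundle must be world-readable.
    chmod 0644 "$tmp" || { rm -f "$tmp"; return 1; }

    # Readers see either the old file or the new one, never a partial write.
    mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 1; }
}
```

On OS X the input would be a keychain export such as the output of `security find-certificate -a -p`, and the destination the cert.pem that the installed OpenSSL reads; both are assumptions here, not details taken from the project.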
