From e606d98664997eb24df983e63ec1a8714c54d51a Mon Sep 17 00:00:00 2001
From: Xavier Michelon <xavier.michelon@proton.ch>
Date: Mon, 8 May 2023 17:52:23 +0200
Subject: [PATCH] fix(GODT-2613): install the TLS certificate in the user
 keychain.

---
 internal/certs/cert_store_darwin.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/certs/cert_store_darwin.go b/internal/certs/cert_store_darwin.go
index 61a5977d..97a79fa5 100644
--- a/internal/certs/cert_store_darwin.go
+++ b/internal/certs/cert_store_darwin.go
@@ -50,7 +50,7 @@ int installTrustedCert(char const *bytes, unsigned long long length) {
 		(id)kSecTrustSettingsResult: [NSNumber numberWithInt:kSecTrustSettingsResultTrustRoot],
 		(id)kSecTrustSettingsPolicy: (__bridge id) policy,
 	};
-	status = SecTrustSettingsSetTrustSettings(cert, kSecTrustSettingsDomainAdmin, (__bridge CFTypeRef)(trustSettings));
+	status = SecTrustSettingsSetTrustSettings(cert, kSecTrustSettingsDomainUser, (__bridge CFTypeRef)(trustSettings));
 	CFRelease(policy);
 	CFRelease(cert);
 
@@ -72,7 +72,7 @@ int removeTrustedCert(char const *bytes, unsigned long long length) {
 		(id)kSecTrustSettingsResult: [NSNumber numberWithInt:kSecTrustSettingsResultUnspecified],
 		(id)kSecTrustSettingsPolicy: (__bridge id) policy,
 	};
-	OSStatus status = SecTrustSettingsSetTrustSettings(cert, kSecTrustSettingsDomainAdmin, (__bridge CFTypeRef)(trustSettings));
+	OSStatus status = SecTrustSettingsSetTrustSettings(cert, kSecTrustSettingsDomainUser, (__bridge CFTypeRef)(trustSettings));
 	CFRelease(policy);
 	if (errSecSuccess != status) {
 		CFRelease(cert);