How to compile (lib)curl with macOS keychain access?

I want to compile curl in such a way that it can access the macOS keychain for certificate lookup. I have added an internal company CA certificate to my system keychain and am trusting it.

When I build curl with Secure Transport as described in the curl docs (which I am apparently not allowed to link), I am able to connect to a server with a certificate signed by our internal CA. However, this does not work as root.

./curl company.com # works
sudo ./curl company.com  # invalid certificate chain

When I repeat the same tests with the curl version that ships with the OS, it works in both cases. I get the same results with a small example program when I link against my build vs. linking against Apple's curl.

I've also tried to compile it with LibreSSL (with and without Secure Transport), but then keychain access doesn't even work as a normal user.

Any idea what's going wrong? How does Apple compile curl so that it works as root?
