Apple SSL CA cert Fail (MacOS 10.5.7)

Hi foks,

Ordinarily I wouldn't send reports of operating system bugs that pose
no security risk to this list, but I'm making an exception in this
case due to the following conditions:

   1) There are a lot of Mac users in the NANOG community.
   2) There is a preponderance of folks here who run their own CAs
   3) CA software, particularly OpenSSL, is byzantine enough that
      upon running into a problem, one is likely to think he is the
      faulty party.
   4) I just burned three evenings last week chasing this bug. I
      don't have sufficient extra hair to be spending my evenings
      tearing it out and you might not either.

Summary: MacOSX's keychain access application mishandles importing
root CA certs. This only happens under 10.5.7; other versions are
fine. There is a workaround using command line tools.

Details at