> > > What about using the Windows certificate store?
> >
> > I think it would be great to offer that ability to OpenSSL users on Windows.

For CA validation on Windows we use CURLOPT_SSL_CTX_FUNCTION / CURLopenssl_certverifycallback. The implementation is a mixture of a Microsoft example (https://github.com/Microsoft/Windows-classic-samples/blob/master/Samples/Win7Samples/security/cryptoapi/BuildChain/CPP/BuildChain.cpp) and how Google Chrome performs CA validation (https://cs.chromium.org/chromium/src/net/cert/cert_verify_proc_win.cc).

On Linux we use the default behavior of OpenSSL (system certificate bundle file) as there is no other dedicated "system" store like on Windows and MacOS.

On MacOS we use SecureTransport, which performs CA validation out of the box. I don't know how to do CA validation against the system Keychain with OpenSSL there.

Regards,
Dominik
