[openssl][uwp] SSL_CTX_load_verify_locations not working for UWP port

Richard Levitte levitte at openssl.org
Fri Jun 5 09:43:07 UTC 2020


On Fri, 05 Jun 2020 03:04:47 +0200,
Feng LI wrote:
> SSL_CTX_load_verify_locations is required for the UWP port to load the CA file, since OpenSSL will
> not use the CA of the OS.
> 
> But in the UWP build, stdio is disabled by default. However, SSL_CTX_load_verify_locations relies on
> the default X509_STORE file lookup functionality, which uses stdio (via BIO_s_file). That basically
> means no verification of peers and hosts is possible with OpenSSL on the UWP port.
> 
> Is there a way to fix this, or is there a workaround for UWP?

It should be enough to use BIO_s_fd() instead of BIO_s_file() (it
takes a bit more than a mere change of function name, OpenSSL's file
descriptor isn't quite designed for use with files, unfortunately).

That is, with the assumption that POSIX file descriptors can be used
at all with UWP...  otherwise, someone will have to come up with a BIO
method that supports whatever file API that UWP supports.

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

