<div dir="ltr"><div dir="ltr"><div dir="ltr"><br><br><div class="gmail_quote"><div dir="ltr">On Fri, Sep 7, 2018 at 11:55 PM Juan Isoza <<a href="mailto:jisoza@gmail.com">jisoza@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><br></div>It's a good idea using openssl under windows (with new openssl 1.1.1, we will be able to use TLS 1.3 under Windows, from 7/2008 to 10/2016) instead internal windows crypto..<div><div><br></div><div>But, by example, curl build for windows with openssl need a --insecure parameters or a custom root certificate file.</div><div><br></div><div>What about using the Windows certificate store ?</div></div></div></blockquote><div>Loading the windows cert store isn't very hard....</div><div><br></div><div><a href="https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L1037">https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L1037</a><br></div><div>But checking; I Guess that's just the code from that stack overflow.  basically verbatim.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><br></div><div>I found info at</div><div><a href="https://stackoverflow.com/questions/9507184/can-openssl-on-windows-use-the-system-certificate-store/15451831" target="_blank">https://stackoverflow.com/questions/9507184/can-openssl-on-windows-use-the-system-certificate-store/15451831</a></div></div></div></blockquote><div><a href="https://stackoverflow.com/questions/9507184/can-openssl-on-windows-use-the-system-certificate-store/15451831">https://stackoverflow.com/questions/9507184/can-openssl-on-windows-use-the-system-certificate-store/15451831</a> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><br></div><div><br></div><div>There is some code in openssl (in engines\e_capi.c) which deal with Windows certificate store, but this seem not solve the problem</div></div></div>
-- <br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
</blockquote></div></div></div></div>