[openssl-users] Using Windows system certficate store for server authentication

J Decker d3ck0r at gmail.com
Sat Sep 8 07:29:46 UTC 2018


On Fri, Sep 7, 2018 at 11:55 PM Juan Isoza <jisoza at gmail.com> wrote:

>
> It's a good idea using openssl under windows (with new openssl 1.1.1, we
> will be able to use TLS 1.3 under Windows, from 7/2008 to 10/2016) instead
> internal windows crypto..
>
> But, by example, curl build for windows with openssl need a --insecure
> parameters or a custom root certificate file.
>
> What about using the Windows certificate store ?
>
Loading the windows cert store isn't very hard....

https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L1037
But checking; I Guess that's just the code from that stack overflow.
basically verbatim.


>
> I found info at
>
> https://stackoverflow.com/questions/9507184/can-openssl-on-windows-use-the-system-certificate-store/15451831
>
https://stackoverflow.com/questions/9507184/can-openssl-on-windows-use-the-system-certificate-store/15451831


>
>
> There is some code in openssl (in engines\e_capi.c) which deal with
> Windows certificate store, but this seem not solve the problem
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180908/1d92259d/attachment.html>


More information about the openssl-users mailing list