<div dir="ltr"><p style="box-sizing:border-box;margin-bottom:16px;color:rgb(36,41,46);font-family:-apple-system,system-ui,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:14px;margin-top:0px"><a href="https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_load_verify_locations.html" rel="nofollow" style="box-sizing:border-box;background-color:initial;color:rgb(3,102,214);text-decoration-line:none">SSL_CTX_load_verify_locations</a> is required for UWP port to load ca file since OpenSSL will not use the CA of the OS.</p><p style="box-sizing:border-box;margin-top:0px;margin-bottom:16px;color:rgb(36,41,46);font-family:-apple-system,system-ui,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:14px">But in UWP build, <a href="https://github.com/openssl/openssl/blob/082c041b4233b17b80129d4ac6b33a28014442b0/Configurations/50-win-onecore.conf#L113" style="box-sizing:border-box;background-color:initial;color:rgb(3,102,214);text-decoration-line:none">stdio is disabled</a> by default. However, SSL_CTX_load_verify_locations relies on the default X509_STORE file lookup functionality uses stdio (via BIO_s_file). That basically means no verification of peers and hosts is possible with OpenSSL on UWP port.</p><p style="box-sizing:border-box;margin-top:0px;color:rgb(36,41,46);font-family:-apple-system,system-ui,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:14px;margin-bottom:0px">Is there a way to fix this or if there's a workaround for UWP ?</p><p style="box-sizing:border-box;margin-top:0px;color:rgb(36,41,46);font-family:-apple-system,system-ui,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:14px;margin-bottom:0px"><br></p><p style="box-sizing:border-box;margin-top:0px;color:rgb(36,41,46);font-family:-apple-system,system-ui,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:14px;margin-bottom:0px">Thanks,</p><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Feng</div></div></div>