/*
 * Control callback for the file-based X509_LOOKUP method.
 *
 * Only X509_L_FILE_LOAD is acted on; any other cmd returns 0.
 *
 *   argl == X509_FILETYPE_DEFAULT  load the default certificate file as PEM
 *                                  (certificates and CRLs); argp is ignored.
 *   argl == X509_FILETYPE_PEM      load certificates and CRLs from argp.
 *   any other argl                 load certificates from argp, passing argl
 *                                  through as the file type.
 *
 * ret is not used by this handler.
 *
 * Returns 1 when the underlying loader reported a non-zero result,
 * 0 otherwise.
 */
static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
                        long argl, char **ret)
{
    const char *path;
    int loaded;

    if (cmd != X509_L_FILE_LOAD)
        return 0;

    /* Caller named a file explicitly: the loader depends on the type. */
    if (argl != X509_FILETYPE_DEFAULT) {
        if (argl == X509_FILETYPE_PEM)
            return X509_load_cert_crl_file(ctx, argp, X509_FILETYPE_PEM) != 0;
        return X509_load_cert_file(ctx, argp, (int)argl) != 0;
    }

    /*
     * Default trust file: the environment variable named by
     * X509_get_default_cert_file_env() (SSL_CERT_FILE in stock OpenSSL
     * builds) takes precedence over the built-in default path.
     *
     * Security note: the lookup is a plain getenv(), so whoever controls the
     * process environment chooses which CA bundle ends up in this lookup.
     * That matters for programs that run with more privilege than the party
     * that set up their environment.
     * NOTE(review): confirm whether this build needs a privilege-aware
     * environment lookup at this point.
     */
    path = getenv(X509_get_default_cert_file_env());
    if (path == NULL)
        path = X509_get_default_cert_file();

    loaded = X509_load_cert_crl_file(ctx, path, X509_FILETYPE_PEM) != 0;
    if (!loaded) {
        /* Only the default-location path records an error here. */
        X509err(X509_F_BY_FILE_CTRL, X509_R_LOADING_DEFAULTS);
    }
    return loaded;
}
/*
 * Reports the path of the file OpenSSL would use as its default root store.
 *
 * The environment variable named by X509_get_default_cert_file_env() wins
 * when it is set; otherwise the result of X509_get_default_cert_file() is
 * returned.
 *
 * The returned pointer is whatever getenv() or X509_get_default_cert_file()
 * handed back, so the caller does not own it and must not free it.
 *
 * Security note: the environment value is returned as-is, with no check that
 * the path exists or who can write to it. A caller that treats the result as
 * the trust-anchor location is trusting the process environment.
 */
extern "C" const char* CryptoNative_GetX509RootStoreFile()
{
    const char* fromEnvironment = getenv(X509_get_default_cert_file_env());
    if (fromEnvironment)
    {
        return fromEnvironment;
    }

    return X509_get_default_cert_file();
}
// Populates the verification store of `context` with the platform's system CA
// certificates.
//
//   context  SSL context whose trust store is being set up.
//   err      buffer that receives a human-readable message on failure.
//   err_len  size of `err`; snprintf truncates longer messages.
//
// Returns 1 on success and 0 on failure on the OpenSSL-defaults path. On
// Windows and Apple the result of the platform import helper is returned
// as-is (presumably the same 1/0 convention; verify against the helpers).
//
// A failure leaves `context` without the system trust anchors, so callers
// should treat a zero return as fatal for any connection that is supposed to
// verify its peer.
int _setupSystemCA(SSL_CTX* context, char* err, size_t err_len) {
#if defined(_WIN32) || defined(__APPLE__)
    X509_STORE* store = SSL_CTX_get_cert_store(context);
    if (store == NULL) {
        snprintf(err,
                 err_len,
                 "no X509 store found for SSL context while loading "
                 "system certificates");
        return 0;
    }
#if defined(_WIN32)
    // NOTE(review): both stores are opened with CERT_SYSTEM_STORE_CURRENT_USER,
    // so the resulting trust set depends on the account the process runs as.
    // Confirm that is what service deployments expect.
    int rootImported = importCertStoreToX509_STORE(
        L"root", CERT_SYSTEM_STORE_CURRENT_USER, store, err, err_len);
    if (rootImported) {
        return importCertStoreToX509_STORE(
            L"CA", CERT_SYSTEM_STORE_CURRENT_USER, store, err, err_len);
    }
    return rootImported;
#else
    // Only reachable with __APPLE__ defined: the outer condition guarantees
    // one of the two macros and _WIN32 was handled above.
    return importKeychainToX509_STORE(store, err, err_len);
#endif
#else
    // Everywhere else the OpenSSL build is expected to carry default CA
    // locations. In stock OpenSSL those defaults can be overridden through the
    // SSL_CERT_FILE and SSL_CERT_DIR environment variables, so the trust store
    // loaded here follows the process environment.
    if (SSL_CTX_set_default_verify_paths(context) == 1) {
        return 1;
    }

    // NOTE(review): the message prints X509_get_default_cert_file() and
    // X509_get_default_cert_dir(), which may differ from the locations that
    // were actually tried when an environment override is in effect.
    snprintf(err,
             err_len,
             "error loading system CA certificates "
             "(default certificate file: %s default certificate path: %s )",
             X509_get_default_cert_file(),
             X509_get_default_cert_dir());
    return 0;
#endif
}