dicroce dicroce - 4 months ago 32
C++ Question

Can OpenSSL on Windows use the system certificate store?

Some working C++ code that I'm porting from Linux to Windows is failing on windows because

is returning

The code was using
on Linux to tell SSL to just look in the standard default locations for the certificate store.

Is it possible to get OpenSSL to use the system certificate store?


I have done it earlier. Hope this helps, if this is exactly what you are looking for.

  1. Load your certificate (in PCCERT_CONTEXT structure) from Windows Cert store using Crypto APIs.
  2. Get encrypted content of it in binary format as it is. [PCCERT_CONTEXT->pbCertEncoded].
  3. Parse this binary buffer into X509 certificate Object using OpenSSL's d2i_X509() method.
  4. Get handle to OpenSSL's trust store using SSL_CTX_get_cert_store() method.
  5. Load above parsed X509 certificate into this trust store using X509_STORE_add_cert() method.
  6. You are done!