dicroce dicroce - 1 month ago 14
C++ Question

Can OpenSSL on Windows use the system certificate store?

Some working C++ code that I'm porting from Linux to Windows is failing on Windows because SSL_get_verify_result() is returning X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY.

The code was using SSL_CTX_set_default_verify_paths() on Linux to tell SSL to just look in the standard default locations for the certificate store.

Is it possible to get OpenSSL to use the system certificate store?

Answer

I have done it earlier. Hope this helps, if this is exactly what you are looking for.

  1. Load your certificate (in PCCERT_CONTEXT structure) from Windows Cert store using Crypto APIs.
  2. Get encrypted content of it in binary format as it is. [PCCERT_CONTEXT->pbCertEncoded].
  3. Parse this binary buffer into X509 certificate Object using OpenSSL's d2i_X509() method.
  4. Get handle to OpenSSL's trust store using SSL_CTX_get_cert_store() method.
  5. Load above parsed X509 certificate into this trust store using X509_STORE_add_cert() method.
  6. You are done!
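
The steps above written out in C++, as an added example that is not the answerer's code. `import_windows_store` is a hypothetical helper name, and the `ROOT` store name and the OpenSSL 1.1.0+ `TLS_client_method()` call are assumptions about the target setup.

```cpp
// Windows-only added example. Link with crypt32.lib, libssl and libcrypto.
#ifdef _WIN32
// wincrypt.h goes before the OpenSSL headers, which #undef the wincrypt
// macros that clash with OpenSSL type names (X509_NAME and others).
#include <windows.h>
#include <wincrypt.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>

// Hypothetical helper (not an OpenSSL API): copies every certificate in a
// Windows system store such as L"ROOT" into the X509_STORE that ctx verifies
// against. Returns the number added, or -1 if the store cannot be opened.
int import_windows_store(SSL_CTX* ctx, const wchar_t* store_name) {
    // Step 1: open the system store for enumeration.
    HCERTSTORE win_store = CertOpenSystemStoreW(0, store_name);
    if (win_store == nullptr) return -1;

    // Step 4: the trust store belongs to ctx, so it is not freed here.
    X509_STORE* trust = SSL_CTX_get_cert_store(ctx);
    int added = 0;
    PCCERT_CONTEXT entry = nullptr;
    // Each call frees the previous entry and returns the next, or nullptr.
    while ((entry = CertEnumCertificatesInStore(win_store, entry)) != nullptr) {
        if (!(entry->dwCertEncodingType & X509_ASN_ENCODING)) continue;
        // Steps 2-3: pbCertEncoded holds the DER bytes. d2i_X509 advances the
        // pointer it is handed, so give it a copy.
        const unsigned char* der = entry->pbCertEncoded;
        X509* cert = d2i_X509(nullptr, &der, static_cast<long>(entry->cbCertEncoded));
        if (cert == nullptr) { ERR_clear_error(); continue; }  // skip unparsable
        // Step 5: the store takes its own reference; release ours afterwards.
        if (X509_STORE_add_cert(trust, cert) == 1) ++added;
        else ERR_clear_error();
        X509_free(cert);
    }
    CertCloseStore(win_store, 0);
    return added;
}

int main() {
    SSL_CTX* ctx = SSL_CTX_new(TLS_client_method());
    if (ctx == nullptr) return 1;
    int added = import_windows_store(ctx, L"ROOT");
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, nullptr);  // verify against them
    SSL_CTX_free(ctx);
    return added > 0 ? 0 : 1;
}
#endif
```

The import is a snapshot taken when the function runs, and it copies certificates without the per-certificate usage restrictions Windows may hold for them. Windows can also add roots to the store on demand, so a root that has not been fetched yet will be absent from the copy.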