c++ - Can OpenSSL on Windows use the system certificate store?

Question

Some working C++ code that I'm porting from Linux to Windows is failing on windows because SSL_get_verify_result() is returning X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY.

The code was using SSL_CTX_set_default_verify_paths() on Linux to tell SSL to just look in the standard default locations for the certificate store.

Is it possible to get OpenSSL to use the system certificate store?

Answer 1

I have done it earlier. Hope this helps, if this is exactly what you are looking for.

1. Load your certificate (in PCCERT_CONTEXT structure) from Windows Cert store using Crypto APIs.
2. Get encrypted content of it in binary format as it is. [PCCERT_CONTEXT->pbCertEncoded].
3. Parse this binary buffer into X509 certificate Object using OpenSSL's d2i_X509() method.
4. Get handle to OpenSSL's trust store using SSL_CTX_get_cert_store() method.
5. Load above parsed X509 certificate into this trust store using X509_STORE_add_cert() method.
6. You are done!