On Unix, we can use X509_STORE_set_default_paths(store) to load root certificates provided by the system
But on Windows, its certificates aren't provided as a file. So it should be required another way. Following is a concept code (use Crypt32.dll): #include <WinCrypt.h> /* http://msdn.microsoft.com/en-us/library/aa380252(VS.85).aspx */ static void ossl_x509store_add_certs_win(X509_STORE *store) { HCERTSTORE hStore; PCCERT_CONTEXT pContext = NULL; hStore = CertOpenSystemStore(0, "ROOT"); if(!hStore) return; while (pContext = CertEnumCertificatesInStore(hStore, pContext)) { BIO *in = BIO_new_mem_buf(pContext->pbCertEncoded, pContext->cbCertEncoded); if (!in) continue; X509 *x509 = d2i_X509_bio(in, NULL); BIO_free(in); if (x509) { X509_STORE_add_cert(store, x509); X509_free(x509); } } CertFreeCertificateContext(pContext); CertCloseStore(hStore, 0); } I want to merge this to OpenSSL, but I can't propose suitable API. Thoughts? -- NARUSE, Yui <nar...@airemix.jp> ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org