Re: Get root certificates from System Store of Windows

[Shahin Khorasani]

try this #include <WinCrypt.h> static void ossl_x509store_add_certs_win(X509_STORE *store) {     HCERTSTORE hStore;     PCCERT_CONTEXT pContext = NULL;     X509 *x509;     hStore = CertOpenSystemStore(0, "ROOT");     if(!hStore)         return;     while (pContext = CertEnumCertificatesInStore(hStore, pContext))     {         x509 = NULL;         x509 = d2i_X509(NULL, &pContext->pbCertEncoded, pContext->cbCertEncoded);         if (x509)         {             X509_STORE_add_cert(store, x509);             X509_free(x509);         }     }     CertFreeCertificateContext(pContext);     CertCloseStore(hStore, 0); } Shahin Khorasani NARUSE, Yui wrote: On Unix, we can use X509_STORE_set_default_paths(store) to load root certificates provided by the system But on Windows, its certificates aren't provided as a file. So it should be required another way. Following is a concept code (use Crypt32.dll): #include <WinCrypt.h> /* http://msdn.microsoft.com/en-us/library/aa380252(VS.85).aspx */ static void ossl_x509store_add_certs_win(X509_STORE *store) { HCERTSTORE hStore; PCCERT_CONTEXT pContext = NULL; hStore = CertOpenSystemStore(0, "ROOT"); if(!hStore) return; while (pContext = CertEnumCertificatesInStore(hStore, pContext)) { BIO *in = BIO_new_mem_buf(pContext->pbCertEncoded, pContext->cbCertEncoded); if (!in) continue; X509 *x509 = d2i_X509_bio(in, NULL); BIO_free(in); if (x509) { X509_STORE_add_cert(store, x509); X509_free(x509); } } CertFreeCertificateContext(pContext); CertCloseStore(hStore, 0); } I want to merge this to OpenSSL, but I can't propose suitable API. Thoughts? ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org