On Sat, Sep 08, 2018 at 01:44:50PM +0000, Salz, Rich via openssl-users wrote: > OpenSSL does not use *any* certificate store, on any platform, it is up to the applications to do what they need. More precisely, OpenSSL does not bundle any trusted certificates with the upstream source. OpenSSL does use $OPENSSLDIR/cert.pem and $OPENSSL/certs/ as the default CAfile and CApath respectively via the: SSL_CTX_set_default_verify_paths() function. These can also be specified via the SSL_CERT_FILE and SSL_CERT_DIR environment variables. Applications can specify additional or alternative CAfile or CApath locations. IIRC the upstream OpenSSL code does not include an interface to the Windows Active Directory certificate store. This may be available from third parties. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
