On Fri, 05 Jun 2020 03:04:47 +0200, Feng LI wrote: > SSL_CTX_load_verify_locations is required for UWP port to load ca file since OpenSSL will not use > the CA of the OS. > > But in UWP build, stdio is disabled by default. However, SSL_CTX_load_verify_locations relies on > the default X509_STORE file lookup functionality uses stdio (via BIO_s_file). That basically means > no verification of peers and hosts is possible with OpenSSL on UWP port. > > Is there a way to fix this or if there's a workaround for UWP ? It should be enough to use BIO_s_fd() instead of BIO_s_file() (it takes a bit more than a mere change of function name, OpenSSL's file descriptor isn't quite designed for use with files, unfortunately). That is, with the assumption that POSIX file descriptors can be used at all with UWP... otherwise, someone will have to come up with a BIO method that supports whatever file API that UWP supports. Cheers, Richard -- Richard Levitte levitte@xxxxxxxxxxx OpenSSL Project http://www.openssl.org/~levitte/
