@hlandau

hlandau/trust.c Secret

Created April 2, 2022 10:52
Using the Windows certificate store with OpenSSL
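/* Include the Windows headers before OpenSSL's: wincrypt.h defines macros
   (such as X509_NAME) that the OpenSSL headers undefine again. */
#ifndef IS_WIN
# ifdef _WIN32
#  define IS_WIN 1
# else
#  define IS_WIN 0
# endif
#endif
#if IS_WIN
# include <windows.h>
# include <wincrypt.h>   /* link with crypt32 */
#endif
#include <limits.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>

/* Parse one DER-encoded certificate and add it to ctx's trust store. */
static int _add_root_cert(SSL_CTX *ctx, const void *buf, size_t buf_len) {
  X509_STORE *xs = SSL_CTX_get_cert_store(ctx);
  if (buf_len > INT_MAX)  /* BIO_new_mem_buf() takes an int length */
    return -5;
  BIO *in = BIO_new_mem_buf(buf, (int)buf_len);
  if (!in)
    return -5;
  X509 *x = d2i_X509_bio(in, NULL);
  BIO_free(in);
  if (!x)
    return -6;
  X509_STORE_add_cert(xs, x);  /* the store takes its own reference */
  X509_free(x);
  return 0;
}

/* Load the platform's trusted roots into ctx. */
static int _add_trust_roots(SSL_CTX *ctx) {
#if IS_WIN
  /* Current user's view of the "ROOT" system store. */
  HCERTSTORE s = CertOpenSystemStoreW(0, L"ROOT");
  if (!s)
    return -1;
  const CERT_CONTEXT *wctx = NULL;
  for (;;) {
    /* Frees the context passed in and returns the next one, NULL at the end. */
    wctx = CertEnumCertificatesInStore(s, wctx);
    if (!wctx)
      break;
    // ignore errors
    _add_root_cert(ctx, wctx->pbCertEncoded, wctx->cbCertEncoded);
  }
  CertFreeCertificateContext(wctx);  /* wctx is always NULL here */
  CertCloseStore(s, 0);
  ERR_clear_error();  /* drop errors queued by certificates that were skipped */
#else
  SSL_CTX_set_default_verify_paths(ctx);
#endif
  return 0;
}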