Hello,
I created a small application that uses ldaps and was surprised that the OpenSSL implementations don't use the default system locations for the CA certificates, if no other CA certificate was supplied. I propose to use the default CA certificate stores / locations if the user doesn't supply any information.
The attached patch files add the SSL_CTX_set_default_verify_paths function. They use it to switch to the default system certificate stores / locations if the user doesn't provide a CA certificate in any of the CertCAFile, PFXfile or PFX properties.
If it helps, I can also create a pull request.
Best regards,
Jan
ssl_openssl3.pas - use SSL_CTX_set_default_verify_paths.patch
ssl_openssl3_lib.pas - add SSL_CTX_set_default_verify_paths.patch
ssl_openssl11.pas - use SSL_CTX_set_default_verify_paths.patch
ssl_openssl11_lib.pas - add SSL_CTX_set_default_verify_paths.patch
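
The fallback proposed in the post above, sketched as an added example in Python rather than taken from the attached patches or from the library's own code. Python's ssl module is used because SSLContext.set_default_verify_paths() wraps OpenSSL's SSL_CTX_set_default_verify_paths; the function and parameter names (build_client_context, ca_file, ca_data) are hypothetical.

```python
import ssl


def build_client_context(ca_file=None, ca_data=None):
    """Return (context, trust_source) for a verifying TLS client.

    ca_file / ca_data are hypothetical stand-ins for a user-supplied CA.
    """
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking,
    # and starts with an empty trust store.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

    if ca_file or ca_data:
        # An explicit CA was given: trust only that. If loading fails the
        # exception propagates; silently falling back to the system store
        # here would widen trust beyond what the caller asked for.
        ctx.load_verify_locations(cafile=ca_file, cadata=ca_data)
        return ctx, "user-supplied"

    # Nothing supplied: use the locations compiled into OpenSSL (or set via
    # the SSL_CERT_FILE / SSL_CERT_DIR environment variables).
    # OpenSSL reports no error if those locations are empty, so verification
    # then fails at handshake time rather than here.
    ctx.set_default_verify_paths()
    return ctx, "system-default"


def describe_default_paths():
    """Report where the default lookup will search, for troubleshooting."""
    p = ssl.get_default_verify_paths()
    return {
        "cafile": p.cafile,          # None if the default file does not exist
        "capath": p.capath,          # None if the default directory does not exist
        "env_file": p.openssl_cafile_env,
        "env_dir": p.openssl_capath_env,
    }


if __name__ == "__main__":
    context, source = build_client_context()
    print(source, describe_default_paths())
```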