use Debian's default root certificate location

as suggested here: http://archives.seul.org/libevent/users/Feb-2013/msg00034.html although curl's acinclude.m4 reveals many other possibilities: dnl /etc/ssl/certs/ca-certificates.crt Debian systems dnl /etc/pki/tls/certs/ca-bundle.crt Redhat and Mandriva dnl /usr/share/ssl/certs/ca-bundle.crt old(er) Redhat dnl /usr/local/share/certs/ca-root.crt FreeBSD dnl /etc/ssl/cert.pem OpenBSD dnl /etc/ssl/certs/ (ca path) SUSE And none of these cover Windows :(
2025-01-09 00:56:20 +08:00 · 2013-02-26 00:06:50 -08:00 · 2013-02-26 00:06:50 -08:00 · aacd674c94
commit aacd674c94
parent 5754d96a6e
1 changed files with 8 additions and 0 deletions
--- a/sample/https-client.c
+++ b/sample/https-client.c
@ -182,6 +182,14 @@ main(int argc, char **argv)
 	if (!ssl_ctx)
 		die_openssl("SSL_CTX_new");

+	/* Attempt to use the system's trusted root certificates.
+	 * (This path is only valid for Debian-based systems.) */
+	if (1 != SSL_CTX_load_verify_locations(ssl_ctx,
+					       "/etc/ssl/certs/ca-certificates.crt",
+					       NULL))
+		die_openssl("SSL_CTX_load_verify_locations");
+	SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
+
 	// Create event base
 	base = event_base_new();
 	if (!base) {