Support for System Certificate Store

In our recent wolfSSL v5.5.2 (Oct 28, 2022) release we added support for loading the system trusted certificates on several platforms. This makes it easier to leverage the operating system’s built-in trust mechanism for connecting to websites.

The support is enabled by default when using autoconf (./configure). The new option is "--enable-sys-ca-certs" or "#define WOLFSSL_SYS_CA_CERTS".

The platforms supported and tested are:
Linux (Debian, Ubuntu, Gentoo, Fedora, RHEL)
Apple Mac OS X / iOS
Windows 10/11
Android

To enable this feature we added an API “wolfSSL_CTX_load_system_CA_certs” to load these into our certificate manager.

To test, use our example client "examples/client/client" with the "--sys-ca-certs" argument to load the trusted certificates.

Example:

$ ./configure --enable-sys-ca-certs
$ make

$ ./examples/client/client -h www.google.com -p 443 --sys-ca-certs -g
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1
SSL connect ok, sending GET…
HTTP/1.0 200 OK
Date: Tue, 07 Mar 2023 22:05:41 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Fra

For questions email facts@wolfssl.com.