LibTLS: Use Windows-specific method to set default certificate store

test_tls in TestDNSResolver was failing to perform the TLSv12 connection due to the following error: "14430000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl\statem\statem_clnt.c:2124". To perform the equivalent on Windows, we can instead load the built in OSSL_STORE for Windows
2025-12-06 00:19:53 +01:00 · 2025-08-21 16:48:20 -07:00 · 2025-08-21 16:48:20 -07:00 · 4180944b4d
commit 4180944b4d
parent ff71efebb6
1 changed files with 6 additions and 0 deletions
--- a/Libraries/LibTLS/TLSv12.cpp
+++ b/Libraries/LibTLS/TLSv12.cpp
@ -222,7 +222,13 @@ ErrorOr<NonnullOwnPtr<TLSv12>> TLSv12::connect_internal(NonnullOwnPtr<Core::TCPS
        SSL_CTX_load_verify_file(ssl_ctx, path.characters());
    } else {
        // Use the default trusted certificate store
+#if defined(AK_OS_WINDOWS)
+        // https://stackoverflow.com/questions/9507184/can-openssl-on-windows-use-the-system-certificate-store
+        // https://docs.openssl.org/master/man7/OSSL_STORE-winstore/
+        OPENSSL_TRY(SSL_CTX_load_verify_store(ssl_ctx, "org.openssl.winstore://"));
+#else
        OPENSSL_TRY(SSL_CTX_set_default_verify_paths(ssl_ctx));
+#endif
    }

    // Require a minimum TLS version of TLSv1.2.