{-# LANGUAGE CPP #-} module OpenSSL.X509.SystemStore ( contextLoadSystemCerts ) where import OpenSSL.Session (SSLContext) #ifdef CABAL_OS_WINDOWS import qualified OpenSSL.X509.SystemStore.Win32 as S #elif defined(CABAL_OS_MACOSX) import qualified OpenSSL.X509.SystemStore.MacOSX as S #else import qualified OpenSSL.X509.SystemStore.Unix as S #endif -- | Add the certificates from the system-wide certificate store to the -- given @openssl@ context. Note that in __older versions of OpenSSL__ -- (namely <1.1.0), this does not automatically enable peer certificate -- verification. In that case, -- you also need to call 'OpenSSL.Session.contextSetVerificationMode' and -- check manually if the hostname matches the one specified in the -- certificate. You can find information about how to do the latter -- <https://github.com/iSECPartners/ssl-conservatory/blob/master/openssl/everything-you-wanted-to-know-about-openssl.pdf here>. contextLoadSystemCerts :: SSLContext -> IO () contextLoadSystemCerts = S.contextLoadSystemCerts {-# INLINE contextLoadSystemCerts #-}