HsOpenSSL-x509-system- Use the system's native CA certificate store with HsOpenSSL

Safe HaskellNone




contextLoadSystemCerts :: SSLContext -> IO () Source #

Add the certificates from the system-wide certificate store to the given openssl context. Note that in older versions of OpenSSL (namely <1.1.0), this does not automatically enable peer certificate verification. In that case, you also need to call contextSetVerificationMode and check manually if the hostname matches the one specified in the certificate. You can find information about how to do the latter here.