Few doubts about Boring and certificates

[4JX]

I am using (a fork of) boring in a project of mine and I'm having some trouble with making it use the correct certificates

1. On my Windows machine I am encountering the error unable to get local issuer certificate. Reading up on a similar issue in rust-openssl, I tried to find a way to set the env var SSL_CERT_DIR to a path to the system's certificate store, but it seems they are stored on the registry, so I'm also trying to tackle this another way by:
2. Integrating webpki-roots with a SslConnectorBuilder, but I do not see a way to add them as X509 into the cert store due to the format they are stored in (rustls has a specific method for that for example)

Is there anything that may be useful in tackling these issues?

[n1ght-hunter]

+1
having the exact same problem.

Edit

i found this by following this it fixed it.
https://github.com/sfackler/rust-openssl/pull/535/files

[ignassew]

If anyone is struggling with openssl (or boring) not detecting SSL_CERT_FILE while cross-compiling to x86_64-pc-windows-gnu, it's because openssl will use getenv while rust will use SetEnvironmentVariableW which is not compatible (setenv and getenv make a copy at startup which isn't used by SetEnvironmentVariableW).

If you want openssl to read your environment variables, you need to call the C APIs yourself. Here's my code as a reference:

// Licensed under CC0

extern "C" {
    fn putenv(s: *const u8) -> usize;
}

extern "C" {
    fn getenv(s: *const u8) -> *const u8;
}

fn main() {
    unsafe { putenv("SOMETHING=ISUP\0".as_bytes().as_ptr()) };

    // Environment variable is returned to us in a form of a pointer
    let env_ptr = unsafe { getenv("SOMETHING\0".as_bytes().as_ptr()) };
    assert_ne!(env_ptr as usize, 0);
    
    // If we get a null pointer, the environment variable is non existent
    let env_ptr = unsafe { getenv("ELSE\0".as_bytes().as_ptr()) };
    assert_eq!(env_ptr as usize, 0);
}