Add support for loading root CAs from Windows crypto API

Fixes #18020.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18070)

3 files changed, 11 insertions, 14 deletions

diff --git a/include/internal/common.h b/include/internal/common.h
index d820f3e00d..83549737ed 100644
--- a/include/internal/common.h
+++ b/include/internal/common.h
@@ -13,7 +13,9 @@
 
 # include <stdlib.h>
 # include <string.h>
-# include "internal/e_os.h" /* To get strncasecmp() on Windows */
+# include "openssl/configuration.h"
+
+# include "internal/e_os.h" /* ossl_inline in many files */
 # include "internal/nelem.h"
 
 #ifdef NDEBUG
@@ -73,9 +75,14 @@ __owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr,
 #  define CTLOG_FILE              "OSSL$DATAROOT:[000000]ct_log_list.cnf"
 # endif
 
-#define X509_CERT_URI            ""
+#ifndef OPENSSL_NO_WINSTORE
+# define X509_CERT_URI            "org.openssl.winstore://"
+#else
+# define X509_CERT_URI            ""
+#endif
 
 # define X509_CERT_URI_EVP        "SSL_CERT_URI"
+# define X509_CERT_PATH_EVP       "SSL_CERT_PATH"
 # define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
 # define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
 # define CTLOG_FILE_EVP           "CTLOG_FILE"
@@ -114,15 +121,4 @@ static ossl_inline int ossl_is_absolute_path(const char *path)
     return path[0] == '/';
 }
 
-static ossl_inline int ossl_is_uri(const char *s)
-{
-    const char *x;
-    for (x=s; ossl_isalnum(*x); ++x);
-#ifdef _WIN32
-    if (x-s <= 1)
-        return 0;
-#endif
-    return x > s && HAS_PREFIX(x, "://");
-}
-
 #endif
diff --git a/include/internal/e_os.h b/include/internal/e_os.h
index 1be20f61f9..8b0c3a933c 100644
--- a/include/internal/e_os.h
+++ b/include/internal/e_os.h
@@ -249,7 +249,7 @@ FILE *__iob_func();
 /***********************************************/
 
 # if defined(OPENSSL_SYS_WINDOWS)
-#  if (_MSC_VER >= 1310) && !defined(_WIN32_WCE)
+#  if defined(_MSC_VER) && (_MSC_VER >= 1310) && !defined(_WIN32_WCE)
 #   define open _open
 #   define fdopen _fdopen
 #   define close _close
diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index b7fcf91281..204938748e 100644
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -495,6 +495,7 @@ const char *X509_get_default_cert_uri(void);
 const char *X509_get_default_cert_dir(void);
 const char *X509_get_default_cert_file(void);
 const char *X509_get_default_cert_uri_env(void);
+const char *X509_get_default_cert_path_env(void);
 const char *X509_get_default_cert_dir_env(void);
 const char *X509_get_default_cert_file_env(void);
 const char *X509_get_default_private_dir(void);