system(root_certificates)
. The list is obtained using an OS
specific process. The current implementation is as follows:
- On Windows, CertOpenSystemStore() is used to import the
"ROOT"
certificates from the OS. - On MacOSX, the trusted keys are loaded from the SystemRootCertificates key chain. The Apple API for this requires the SSL interface to be compiled with an XCode compiler, i.e., not with native gcc.
- Otherwise, certificates are loaded from a file defined by the Prolog
flag
system_cacert_filename
. The initial value of this flag is operating system dependent. For security reasons, the flag can only be set prior to using the SSL library. For example::- use_module(library(ssl)). :- set_prolog_flag(system_cacert_filename, '/home/jan/ssl/ca-bundle.crt').