This makes it easy for users to use the default system ca certificates, as VERIFY_PEER will "just work" provided they have root certificates installed in OPENSSLDIR (see openssl version -d) under cert.pem.
Users can also specify their own cert_store if desired.
This makes it easy for users to use the default system ca certificates, as VERIFY_PEER will "just work" provided they have root certificates installed in OPENSSLDIR (see
openssl version -d
) under cert.pem.Users can also specify their own cert_store if desired.