SslHandshake set default verify path (#385)

Set default verify paths for SSLHandshake to prevent secure connections from being marked as unverified.
Co-authored-by: Bas van Berckel <bas.vanberckel@copernica.com>

src/linux_tcp/openssl.cpp

@@ -327,6 +327,20 @@ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
     return func(ctx, cmd, larg, parg);
 }
 
+/**
+ *  Specify that the default location from which CA certificates are loaded
+ *  should be used.
+ *  @param  ctx
+ */
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
+{
+    // the actual function
+    static Function<decltype(::SSL_CTX_set_default_verify_paths)> func(handle, "SSL_CTX_set_default_verify_paths");
+
+    // call actual function
+    return func(ctx);
+}
+
 /**
  *  Clear the SSL error queue
  *  @return void

src/linux_tcp/openssl.h

@@ -51,6 +51,7 @@ void     SSL_CTX_free(SSL_CTX *ctx);
 void     SSL_free(SSL *ssl);
 long     SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
 long     SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
+int      SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
 void     ERR_clear_error(void);
 
 /**

src/linux_tcp/sslhandshake.h

@@ -32,6 +32,12 @@ namespace AMQP {
 class SslHandshake : public TcpExtState
 {
 private:
+    /**
+     *  Ssl context
+     *  @var SslContext
+     */
+    SslContext _ctx;
+
     /**
      *  SSL structure
      *  @var SslWrapper
@@ -113,9 +119,13 @@ public:
      */
     SslHandshake(TcpExtState *state, const std::string &hostname, TcpOutBuffer &&buffer) : 
         TcpExtState(state),
-        _ssl(SslContext(OpenSSL::TLS_client_method())),
+        _ctx(OpenSSL::TLS_client_method()),
+        _ssl(_ctx),
         _out(std::move(buffer))
     {
+        // use the default directories for verifying certificates
+        OpenSSL::SSL_CTX_set_default_verify_paths(_ctx);
+
         // we will be using the ssl context as a client
         OpenSSL::SSL_set_connect_state(_ssl);