RCORE-2196 Use the Windows trusted root certificates for TLS

[fealebenpae]

What, How & Why?

If an app runs in an enterprise environment where the machine is configured with a traffic-intercepting firewall any custom SSL certificates issued by the firewall need a new trusted root certificate to be installed on the machine. The interface we currently expose puts the onus on the app developer to provide us with a certificate we can add to the OpenSSL certificate store, but in such an environment the app developer is not able to do so.
What we can do to better conform is to automatically look up certificates in the machine's Trusted Root Certification Authorities store on OpenSSL's behalf and use them for the SSL handshake.

☑️ ToDos

• 📝 Changelog update
• 🚦 Tests (or not relevant)

[coveralls-official]

Pull Request Test Coverage Report for Build yavor.georgiev_443

Details

• 0 of 0 changed or added relevant lines in 0 files are covered.
• 97 unchanged lines in 13 files lost coverage.
• Overall coverage decreased (-0.03%) to 90.977%

---

Files with Coverage Reduction	New Missed Lines	%
src/realm/index_string.hpp	1	93.48%
src/realm/util/serializer.cpp	1	90.43%
test/test_index_string.cpp	1	93.48%
src/realm/array_blobs_big.cpp	2	98.58%
src/realm/object-store/shared_realm.cpp	2	91.89%
src/realm/sync/network/http.hpp	2	83.25%
test/test_lang_bind_helper.cpp	2	93.2%
src/realm/sync/noinst/client_impl_base.cpp	3	81.99%
src/realm/table.cpp	4	90.42%
src/realm/bplustree.cpp	7	71.41%

Totals
Change from base Build 2483:	-0.03%
Covered Lines:	215223
Relevant Lines:	236569

---

💛 - Coveralls

[leemaguire]

Is there a way to know if it failed to find certs for whatever reason so that you could fall back to m_ssl_context.use_included_certificate_roots();?

[fealebenpae]

The use_ methods are not mutually-exclusive. You can call as many as you like while you’re setting up your context.
Besides, looking up certificates happens during the SSL handshake, way after you’ve set up the context.