For MacOS we search the keychain for certificates. We copy the data for each certificate and use OpenSSL function d2i_X509 to parse it. Than we store it in a global std::vector.
For Windows, we open CA, AuthRoot and ROOT stores with CertOpenSystemStore function. We enumerate all certificates and add them to the same vector as for MacOS.
In CURL we use CURLOPT_SSL_CTX_FUNCTION option to set our callback. In the callback, we get the X509_STORE from the SSL context via SSL_CTX_get_cert_store function. We loop over our certificates and add each via X509_STORE_add_cert function. Now all certificates are loaded and we can enable verification.
Sample code: CURLSSLCertificatesWin.cpp and CURLSSLCertificatesMac.cpp.
In our Xojo plugin, simply call UseSystemCertificates method in CURLSMBS class to load certificates into this instance. In FileMaker, please call CURL.UseSystemCertificates function on the CURL session.