Default using Windows Schannel for SSL/TLS on Windows

[solarispika]

Follow
https://learn.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetcertificatechain for related flags.

Closes #1978

[solarispika]

I noticed that there is verify_result_ for storing OpenSSL result and is retrieved by get_openssl_verify_result(), but I have no idea how to set it. Please advise.

[yhirose]

@solarispika sorry for the delay. According to this comment #1978 (comment), you mentioned you ended up bypassing CRL in your production server.

Do you think that the current pull request which doesn't have the bypassing code will affect a number of Windows users? If not many, I don't mind merging this code. But it has a risk to affect many users, I would like you to implement a feature flag like CPPHTTPLIB_USE_WINDOWS_AUTOMATIC_ROOT_CERTIFICATES_UPDATE. If it's not set, the original code will be used.

[solarispika]

Hi @yhirose

I am not sure how many of them will be, possibly the number being proportional to users located in China.
I can add a toggle for this feature.
It looks like you prefer users to enable this feature, but not users to disable it, right?

[yhirose]

@solarispika , (1) If a number of users will be affected by this, I prefer making it an opt-in feature with CPPHTTPLIB_USE_WINDOWS_AUTOMATIC_ROOT_CERTIFICATES_UPDATE.

(2) But if we expect only few users will be affected, we can enable this feature by the default and uses can disable it with CPPHTTPLIB_DISABLE_WINDOWS_AUTOMATIC_ROOT_CERTIFICATES_UPDATE.

I prefer #2.