OpenSSL reasonable default for trusted CA certificates?

Question

Is there a way to set up an OpenSSL context (SSL_CTX) with a reasonable set of trusted CA certificates without distributing them myself? I don\'t want

Answer 1

You could use curl's script that converts the list from Mozilla (from Curl's maintainer's answer). According to its code, it seems to check whether the certificate is trusted or not before including it.