### What does this PR do?
Restore call to us_get_default_ca_certificates, and
X509_STORE_set_default_paths
Fixes https://github.com/oven-sh/bun/issues/23735
### How did you verify your code works?
Manually test running:
```bash
bun -e "await fetch('https://secure-api.eloview.com').then(res => res.t
ext()).then(console.log);"
```
should not result in:
```js
error: unable to get local issuer certificate
path: "https://secure-api.eloview.com/",
errno: 0,
code: "UNABLE_TO_GET_ISSUER_CERT_LOCALLY"
```
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Enhanced system root certificate handling to ensure consistent
validation across all secure connections.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
### What does this PR do?
Resume work on https://github.com/oven-sh/bun/pull/21898
### How did you verify your code works?
Manually tested on MacOS, Windows 11 and Ubuntu 25.04. CI changes are
needed for the tests
---------
Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Jarred Sumner <jarred@jarredsumner.com>
* Prepare for windows event loop
* More progress
* Update libuv.zig
* wip
* Make compiling each dependency a shell script
* Bump mimalloc
* Add the build scripts
* Update settings.json
* Fix a bunch of compiler warnings
* Remove more warnings
* more warnings
* cmake works
* Update JSSQLStatement.h
* put it in the zig file
* Fix usockets warnings
* Fixup
* Fix one of the compiler errors
* chunk
* draw the rest of the owl
* theres more
* Rename Process -> BunProcess
Works around a Windows issue
* Add musl polyfill for memmem on Windows
* More
* 12 mb
* Fix getenvZ
* fix variosu issues
* Add fast-ish path for bun install on Windows
* Update windows.zig
* Update windows.zig
* Fix build issue
* it works
* hmmm
* Rename file
* Fixups
* Update wtf-bindings.cpp
* Update src/bun.js/bindings/headers-handwritten.h
Co-authored-by: Dylan Conway <35280289+dylan-conway@users.noreply.github.com>
* further!
* more
* Update .gitignore
* hm
* quite a lot of fixes
* Update CMakeLists.txt
* zig fmt
* Many more things are starting to work.
* reb
* regenaret
* Update JSSink.h
* fixup
* fetch works
* Bun.serve() and much of the event loop works now
* Make require() work
* bun install progress
* more things work
* use less std.os
* Fixes
* small fixes
* Bump
* Bummp
* Undo that change
* We have to bump the version of Debian because libarchive has a higher minimum requirement
* ok
* some clenaup
* windows
* Update bun.zig
* fixup
* avoid duplicate symbols
* avoid undefined symbols
* bump
* Remove issue template for install
It's not used, and use the bug issue instead.
* Add types for cp and cpSync
* Add types for watchFile and unwatchFile
* Add bun-types to 'bun fmt' script
* Update nodejs compat docs cp/cpSync/watchFile/unwatchFile (#4525)
* feat(fetch) rejectUnauthorized and checkServerIdentity (#4514)
* enable root certs on fetch
* rebase
* fix lookup
* some fixes and improvements
* fmt
* more fixes
* more fixes
* check detached onHandshake
* fix promise case
* fix cert non-Native
* add fetch tls tests
* more one test
* churn
* Update feature_flags.zig
* Update response.zig
* Revert "avoid undefined symbols"
This reverts commit ca835b726f.
* Revert "avoid duplicate symbols"
This reverts commit 4ac6ca8700.
* Update feature_flags.zig
* Set permissions
* more
* Update mimalloc
* Fix sqlite test failures
* Fix some test failures
* Make sure we remove libusockets is removed
* hm
* [dave]: fix webcrypto crash
* bump
* Update index.ts
* windows zig compiles
* cmake on mac works
* progress
* yay
* bun run build
* fix
* ok
* oops
* asdfasfdafdsafda
* fghjkl
* git ignore
* wow
* Process -> BunProcess
* hmm
* blah
* finalize merge
* now it only has linker errors on mac
* sdfadsf
* g
* getting farther
* sxdcvbnmk,
* adfhjskfjdhkas
* a
* fgh
* update build dot zig
* asdfg
* theoretical -DCANARY flag we can use
* asdf
* cool
* okay
* colorterm
* New build workflow
* Fix script
* Use sudo
* More sudo
* Tweak dependencies
* Another sudo attempt
* Tweak script
* 16.0 -> 16
* Tweak script
* Tweak script
* Tweak script
* Tweak script
* Tweak script
* bun install
* ssh into github actions
* add more to ssh
* Fix postinstal
* Skip llvm
* New dockerfile
* Build
* More changes to Dockerfile
* chaos chaos chaos
* okay
* a
* more cmake nonsense
* add unified sources code (does not work)
* stuff
* prepare for CI builds
* ok
* yay
* yeah
* make this more stable simply by trying again if it fails, 5 times, then lose. it fixes the stability issue i was running into L O L
* messing with ci
* x
* a
* clean dependencies before build
* oops
* this is not going to work but its closer
* not gonna work either
* a
* a
* did i do it
* a
* a
* work around weird fs+Bun.build issues
* properly pass debug flag correctly
* idk im sorry
* lose
* maybe
* run the tests please
* a
* fix zlib script
* a
* hi
* prevent stupid ci issue
* i totally didnt leave in a syntax error on cmakelists
* a
* lol
* relax
* 😭
* a
* SO SILLY
* 😡 one line mistake
* one character diff
* fix linking symbols missing
* work on dependency scripts
* does this work now?
* fix mac build
* a
* bump!
* woops
* add macos baseline build
* .
* fix sqlite and also enable $assert/$debug support in builtin functions
* okay
* oops
* zig upgrade lol
* Merge
* Fix spawn test issue
* Set a timeout
* yeah
* etc
* mi
---------
Co-authored-by: Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com>
Co-authored-by: Dylan Conway <dylan.conway567@gmail.com>
Co-authored-by: Dylan Conway <35280289+dylan-conway@users.noreply.github.com>
Co-authored-by: Ashcon Partovi <ashcon@partovi.net>
Co-authored-by: Birk Skyum <74932975+birkskyum@users.noreply.github.com>
Co-authored-by: dave caruso <me@paperdave.net>
