return system_store_certs;

}

static void LoadSystemCACertificates(void* data) {

GetSystemStoreCACertificates();

}

static uv_thread_t system_ca_thread;

static bool system_ca_thread_started = false;

int LoadSystemCACertificatesOffThread() {

// This is only run once during the initialization of the process, so

// it is safe to use a static thread here.

int r =

uv_thread_create(&system_ca_thread, LoadSystemCACertificates, nullptr);

if (r == 0) {

system_ca_thread_started = true;

}

return r;

}

static std::vector<X509*> InitializeExtraCACertificates() {

std::vector<X509*> extra_certs;

unsigned long err = LoadCertsFromFile( // NOLINT(runtime/int)

X509_free(cert);

}

}

if (system_ca_thread_started) {

uv_thread_join(&system_ca_thread);

system_ca_thread_started = false;

}

}

void GetBundledRootCertificates(const FunctionCallbackInfo<Value>& args) {

void InitCrypto(v8::Local<v8::Object> target);

extern void UseExtraCaCerts(std::string_view file);

extern int LoadSystemCACertificatesOffThread();

void CleanupCachedRootCertificates();

int PasswordCallback(char* buf, int size, int rwflag, void* u);

return result;

}

if (per_process::cli_options->use_system_ca) {

// Load the system CA certificates eagerly off the main thread to avoid

// blocking the main thread when the first TLS connection is made. We

// don't need to wait for the thread to finish with code here, as

// GetSystemStoreCACertificates() has a function-local static and any

// actual user of it will wait for that to complete initialization.

int r = crypto::LoadSystemCACertificatesOffThread();

if (r != 0) {

FPrintF(

stderr,

"Warning: Failed to load system CA certificates off thread: %s\n",

uv_strerror(r));

}

}

// Ensure CSPRNG is properly seeded.

CHECK(ncrypto::CSPRNG(nullptr, 0));