If I want to use HsOpenSSL for a tls client application that verifies the server certificate I have to manually specify a CA certificate bundle containing the trusted roots. For example, in a linux system, I would do the following mkTlsContext :: IO Context mkTlsContext = do ctx <- context contextSetVerificationMode ctx (VerifyPeer True False Nothing) contextSetCADirectory ctx "/etc/ssl/certs" return ctx The problem is that the above solution only works for linux. Is there a cross-platform way to find a reasonable CA bundle and use it with HsOpenSSL? Note that the tls package has x509-system [1] that does exactly that. So I am basically asking if anybody has written something similar for HsOpenSSL. [1] https://hackage.haskell.org/package/x509-system