My understanding of boost::asio::ssl::context is that it is just a small wrapper around OpenSSL. You can set default verify paths, but that assumes the certificates are in a particular directory which they almost never are. For example they might be in some OS-specific type of database which need system calls to access. If a program wants to use the native operating system facilities for verifying certificates, then I believe significant additional code is needed. Is this correct? I am interested in writing a simple function object which will validate a hostname and its accompanying certificate against the operating-system-dependent certificate authorities. Is there some code somewhere that does this? Any resources that I can be pointed to would be of immense value. Thanks