Index: doc/tls.html
==================================================================
--- doc/tls.html
+++ doc/tls.html
@@ -541,11 +541,11 @@
 <li><p>On Linux and Unix systems with OpenSSL already installed, if the CA
 certificates are stored in the standard locations, or if the <b class="variable">SSL_CERT_DIR</b>
 or <b class="variable">SSL_CERT_FILE</b> environment variables are set, then <b class="option">-cadir</b>,
 <b class="option">-cadir</b>, and <b class="option">-castore</b> aren't needed.</p></li>
 <li><p>If OpenSSL is not installed in the default location, or when using Mac OS
-or Windows and OpenSSL is installed, the <b class="variable">SSL_CERT_DIR</b> and/or 
+or Windows and OpenSSL is installed, the <b class="variable">SSL_CERT_DIR</b> and/or
 <b class="variable">SSL_CERT_FILE</b> environment variables or the one of the <b class="option">-cadir</b>,
 <b class="option">-cadir</b>, or <b class="option">-castore</b> options must be defined.</p></li>
 <li><p>On Windows, starting in OpenSSL 3.2, it is now possible to access the
 built-in Windows Certificate Store from OpenSSL. This can be achieved by
 setting the <b class="option">-castore</b> option to &quot;<b class="const">org.openssl.winstore://</b>&quot;.</p></li>
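Review bot: the option list in the context lines repeats `-cadir` twice (`<b class="option">-cadir</b>, <b class="option">-cadir</b>, and <b class="option">-castore</b>`) in both bullets; since the C hunk in this patch tests `CAfile`, `CApath` and `CAstore`, the second occurrence is presumably `-cafile`. The same bullet also reads "the one of the", which should be "one of the". Both sit on lines this whitespace-only hunk already touches, so they could be corrected in the same commit rather than left for a follow-up.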

Index: doc/tls.man
==================================================================
--- doc/tls.man
+++ doc/tls.man
@@ -182,11 +182,11 @@
 
 [opt_def -ssl2 [arg bool]]
 Enable use of SSL v2. The default is [const false]. Note: Recent versions of
 OpenSSL no longer support SSLv2, so this may not have any effect. See the
 [cmd tls::protocols] command for supported protocols.
-	
+
 [opt_def -ssl3 [arg bool]]
 Enable use of SSL v3. The default is [const false]. Note: Recent versions
 of OpenSSL may have this disabled at compile time, so this may not have any
 effect. See the [cmd tls::protocols] command for supported protocols.
 
@@ -561,11 +561,11 @@
 or [var SSL_CERT_FILE] environment variables are set, then [option -cadir],
 [option -cadir], and [option -castore] aren't needed.
 
 [item]
 If OpenSSL is not installed in the default location, or when using Mac OS
-or Windows and OpenSSL is installed, the [var SSL_CERT_DIR] and/or 
+or Windows and OpenSSL is installed, the [var SSL_CERT_DIR] and/or
 [var SSL_CERT_FILE] environment variables or the one of the [option -cadir],
 [option -cadir], or [option -castore] options must be defined.
 
 [item]
 On Windows, starting in OpenSSL 3.2, it is now possible to access the
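Review bot: both list items in this hunk name `[option -cadir]` twice (`[option -cadir], [option -cadir], and [option -castore]`), and the second reads "the one of the [option -cadir]"; the duplicate is presumably `[option -cafile]` and "the one of" should be "one of". As this hunk only strips trailing whitespace on the adjacent line, fixing the wording here keeps tls.man and the generated tls.html in step.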
@@ -596,11 +596,11 @@
 
 The callback for the [option -command] option is invoked at several points during the
 OpenSSL handshake and during routine operations. See below for the possible
 arguments passed to the callback script. Values returned from the callback are
 ignored.
-	
+
 [list_begin options]
 
 [opt_def error [arg "channelId message"]]
 This form of callback is invoked whenever an error occurs during the initial
 connection, handshake, or I/O operations. The [arg message] argument can be
@@ -628,11 +628,11 @@
 depending on the context.
 
 [def [arg type]]
 For alerts, the possible values are: [const warning],
 [const fatal], and [const unknown]. For others, [const info] is used.
-This argument is new for TclTLS 1.8. 
+This argument is new for TclTLS 1.8.
 
 [list_end]
 
 [opt_def message [arg "channelId direction version content_type message"]]
 This form of callback is invoked by the OpenSSL function
@@ -686,11 +686,11 @@
 
 The callback for the [option -password] option is invoked by TclTLS whenever OpenSSL needs
 to obtain a password. See below for the possible arguments passed to the
 callback script. The user provided password is expected to be returned by the
 callback.
-	
+
 [list_begin options]
 
 [opt_def password [arg "rwflag size"]]
 Invoked when loading or storing an encrypted PEM certificate. The arguments are:
 
@@ -716,11 +716,11 @@
 below for the possible arguments passed to the callback script. If not
 specified, OpenSSL will accept all valid certificates and extensions. To reject
 the value and abort the connection, the callback should return 0. To accept the
 value and continue the connection, it should return 1. To reject the value, but
 continue the connection, it should return 2. This callback is new for TclTLS 1.8.
-	
+
 [list_begin options]
 
 [opt_def alpn [arg "channelId protocol match"]]
 For servers, this form of callback is invoked when the client ALPN extension is
 received. If [arg match] is true, then [arg protocol] is the first

Index: generic/tls.c
==================================================================
--- generic/tls.c
+++ generic/tls.c
@@ -1444,36 +1444,43 @@
     statePtr->interp	= interp;
     statePtr->want	= 0;
     statePtr->vflags	= verify;
     statePtr->err	= "";
 
-    /* allocate script */
+    /* Allocate callback script */
     if (script) {
 	(void) Tcl_GetStringFromObj(script, &len);
 	if (len) {
 	    statePtr->callback = script;
 	    Tcl_IncrRefCount(statePtr->callback);
 	}
     }
 
-    /* allocate password */
+    /* Allocate password callback */
     if (password) {
 	(void) Tcl_GetStringFromObj(password, &len);
 	if (len) {
 	    statePtr->password = password;
 	    Tcl_IncrRefCount(statePtr->password);
 	}
     }
 
-    /* allocate validate command */
+    /* Allocate validate callback */
     if (vcmd) {
 	(void) Tcl_GetStringFromObj(vcmd, &len);
 	if (len) {
 	    statePtr->vcmd = vcmd;
 	    Tcl_IncrRefCount(statePtr->vcmd);
 	}
     }
+
+    /* Set default CA store on Windows */
+#if OPENSSL_VERSION_NUMBER >= 0x30200000L && (defined(_WIN32))
+    if (CAstore == NULL && CAfile == NULL && CApath == NULL) {
+	CAstore = "org.openssl.winstore://";
+    }
+#endif
 
     if (model != NULL) {
 	int mode;
 	/* Get the "model" context */
 	chan = Tcl_GetChannel(interp, model, &mode);
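Review bot: the new Windows default at `if (CAstore == NULL && CAfile == NULL && CApath == NULL)` is applied without consulting the `SSL_CERT_DIR` / `SSL_CERT_FILE` environment variables, yet the documentation hunks in this same patch state that when those variables are set none of `-cadir`, `-cafile` or `-castore` is needed; on Windows this code would now select `org.openssl.winstore://` even when a user has pointed OpenSSL at a private CA file through the environment, silently changing which roots are trusted. Consider skipping the default when either variable is set (for example by checking `getenv("SSL_CERT_FILE")` and `getenv("SSL_CERT_DIR")` first), or at least documenting the precedence. Separately, the tls.html and tls.man hunks still describe the Windows certificate store as something that "can be achieved by setting the -castore option", whereas after this change it is the default on Windows with OpenSSL 3.2 or later; the docs should say so and name the conditions under which the default is applied.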