Commit e99ce632 authored by Eli Zaretskii's avatar Eli Zaretskii

Load system's default trusted Certificate Authorities if available.

 src/gnutls.c (gnutls_certificate_set_x509_system_trust)
 [GNUTLS >= 3.0.20]: Declare for WINDOWSNT.
 (init_gnutls_functions)(gnutls_certificate_set_x509_system_trust)
 [GNUTLS >= 3.0.20]: Load from shared library for WINDOWSNT.
 (fn_gnutls_certificate_set_x509_system_trust) [!WINDOWSNT]: Define
 new macro.
 (Fgnutls_boot) [GNUTLS >= 3.0.20]: Call
 gnutls_certificate_set_x509_system_trust.  Log an error message if
 it fails.
parent 9624075a
2014-12-14 Eli Zaretskii <eliz@gnu.org>
Load system's default trusted Certificate Authorities if available.
* gnutls.c (gnutls_certificate_set_x509_system_trust)
[GNUTLS >= 3.0.20]: Declare for WINDOWSNT.
(init_gnutls_functions)(gnutls_certificate_set_x509_system_trust)
[GNUTLS >= 3.0.20]: Load from shared library for WINDOWSNT.
(fn_gnutls_certificate_set_x509_system_trust) [!WINDOWSNT]: Define
new macro.
(Fgnutls_boot) [GNUTLS >= 3.0.20]: Call
gnutls_certificate_set_x509_system_trust. Log an error message if
it fails.
2014-12-13 Paul Eggert <eggert@cs.ucla.edu>
 
* alloc.c (XMALLOC_BASE_ALIGNMENT): Use max_align_t instead of
......
......@@ -103,6 +103,11 @@ DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_crl_file,
DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_key_file,
(gnutls_certificate_credentials_t, const char *, const char *,
gnutls_x509_crt_fmt_t));
#if GNUTLS_VERSION_MAJOR + \
(GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_system_trust,
(gnutls_certificate_credentials_t));
#endif
DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_trust_file,
(gnutls_certificate_credentials_t, const char *,
gnutls_x509_crt_fmt_t));
......@@ -227,6 +232,10 @@ init_gnutls_functions (void)
LOAD_GNUTLS_FN (library, gnutls_certificate_set_verify_flags);
LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_crl_file);
LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_key_file);
#if GNUTLS_VERSION_MAJOR + \
(GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_system_trust);
#endif
LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_trust_file);
LOAD_GNUTLS_FN (library, gnutls_certificate_type_get);
LOAD_GNUTLS_FN (library, gnutls_certificate_verify_peers2);
......@@ -314,6 +323,10 @@ init_gnutls_functions (void)
#define fn_gnutls_certificate_set_verify_flags gnutls_certificate_set_verify_flags
#define fn_gnutls_certificate_set_x509_crl_file gnutls_certificate_set_x509_crl_file
#define fn_gnutls_certificate_set_x509_key_file gnutls_certificate_set_x509_key_file
#if GNUTLS_VERSION_MAJOR + \
(GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
#define fn_gnutls_certificate_set_x509_system_trust gnutls_certificate_set_x509_system_trust
#endif
#define fn_gnutls_certificate_set_x509_trust_file gnutls_certificate_set_x509_trust_file
#define fn_gnutls_certificate_type_get gnutls_certificate_type_get
#define fn_gnutls_certificate_verify_peers2 gnutls_certificate_verify_peers2
......@@ -1308,6 +1321,14 @@ one trustfile (usually a CA bundle). */)
int file_format = GNUTLS_X509_FMT_PEM;
Lisp_Object tail;
#if GNUTLS_VERSION_MAJOR + \
(GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
ret = fn_gnutls_certificate_set_x509_system_trust (x509_cred);
if (ret < GNUTLS_E_SUCCESS)
GNUTLS_LOG2i (4, max_log_level,
"setting system trust failed with code ", ret);
#endif
for (tail = trustfiles; CONSP (tail); tail = XCDR (tail))
{
Lisp_Object trustfile = XCAR (tail);
......
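Review bot: In the Fgnutls_boot hunk the system trust store is added to `x509_cred` unconditionally, ahead of the `trustfiles` loop, so a caller that supplies its own trust files to limit verification to a private CA ends up trusting every system CA as well. If that restriction is meant to stay possible, the call could be limited to the case where no trust files were given, `if (NILP (trustfiles))`, or made controllable by a boot parameter; at the least the docstring should state that system CAs are always included. A failure is only reported at log level 4, so a host where the store cannot be loaded gives no indication by default. The body of Fgnutls_boot starts and ends outside the hunk, so whether an outer condition already narrows this is not visible here.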