diff options
| author | Eli Zaretskii <eliz@gnu.org> | 2014-12-14 18:47:51 +0200 |
|---|---|---|
| committer | Eli Zaretskii <eliz@gnu.org> | 2014-12-14 18:47:51 +0200 |
| commit | e99ce63233398ce5d0bfa47eb1ca4ef0a1df5571 (patch) | |
| tree | d559fd48475c8ea12ebd6015b660eb3c5a616274 /src/gnutls.c | |
| parent | 9624075a2cc512b4c3efb155b71feed8f08838dd (diff) | |
Load system's default trusted Certificate Authorities if available.
src/gnutls.c (gnutls_certificate_set_x509_system_trust)
[GNUTLS >= 3.0.20]: Declare for WINDOWSNT.
(init_gnutls_functions)(gnutls_certificate_set_x509_system_trust)
[GNUTLS >= 3.0.20]: Load from shared library for WINDOWSNT.
(fn_gnutls_certificate_set_x509_system_trust) [!WINDOWSNT]: Define
new macro.
(Fgnutls_boot) [GNUTLS >= 3.0.20]: Call
gnutls_certificate_set_x509_system_trust. Log an error message if
it fails.
Diffstat (limited to 'src/gnutls.c')
| -rw-r--r-- | src/gnutls.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/gnutls.c b/src/gnutls.c index ad4d9974ed..1feb7e1822 100644 --- a/src/gnutls.c +++ b/src/gnutls.c @@ -103,6 +103,11 @@ DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_crl_file, DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_key_file, (gnutls_certificate_credentials_t, const char *, const char *, gnutls_x509_crt_fmt_t)); +#if GNUTLS_VERSION_MAJOR + \ + (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3 +DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_system_trust, + (gnutls_certificate_credentials_t)); +#endif DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_trust_file, (gnutls_certificate_credentials_t, const char *, gnutls_x509_crt_fmt_t)); @@ -227,6 +232,10 @@ init_gnutls_functions (void) LOAD_GNUTLS_FN (library, gnutls_certificate_set_verify_flags); LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_crl_file); LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_key_file); +#if GNUTLS_VERSION_MAJOR + \ + (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3 + LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_system_trust); +#endif LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_trust_file); LOAD_GNUTLS_FN (library, gnutls_certificate_type_get); LOAD_GNUTLS_FN (library, gnutls_certificate_verify_peers2); @@ -314,6 +323,10 @@ init_gnutls_functions (void) #define fn_gnutls_certificate_set_verify_flags gnutls_certificate_set_verify_flags #define fn_gnutls_certificate_set_x509_crl_file gnutls_certificate_set_x509_crl_file #define fn_gnutls_certificate_set_x509_key_file gnutls_certificate_set_x509_key_file +#if GNUTLS_VERSION_MAJOR + \ + (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3 +#define fn_gnutls_certificate_set_x509_system_trust gnutls_certificate_set_x509_system_trust +#endif #define fn_gnutls_certificate_set_x509_trust_file gnutls_certificate_set_x509_trust_file #define fn_gnutls_certificate_type_get gnutls_certificate_type_get #define fn_gnutls_certificate_verify_peers2 gnutls_certificate_verify_peers2 @@ -1308,6 +1321,14 @@ one trustfile (usually a CA bundle). */) int file_format = GNUTLS_X509_FMT_PEM; Lisp_Object tail; +#if GNUTLS_VERSION_MAJOR + \ + (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3 + ret = fn_gnutls_certificate_set_x509_system_trust (x509_cred); + if (ret < GNUTLS_E_SUCCESS) + GNUTLS_LOG2i (4, max_log_level, + "setting system trust failed with code ", ret); +#endif + for (tail = trustfiles; CONSP (tail); tail = XCDR (tail)) { Lisp_Object trustfile = XCAR (tail); |