authorEli Zaretskii <eliz@gnu.org>2014-12-14 18:47:51 +0200
committerEli Zaretskii <eliz@gnu.org>2014-12-14 18:47:51 +0200
commite99ce63233398ce5d0bfa47eb1ca4ef0a1df5571 (patch)
treed559fd48475c8ea12ebd6015b660eb3c5a616274 /src
parent9624075a2cc512b4c3efb155b71feed8f08838dd (diff)
Load system's default trusted Certificate Authorities if available.
src/gnutls.c (gnutls_certificate_set_x509_system_trust) [GNUTLS >= 3.0.20]: Declare for WINDOWSNT. (init_gnutls_functions)(gnutls_certificate_set_x509_system_trust) [GNUTLS >= 3.0.20]: Load from shared library for WINDOWSNT. (fn_gnutls_certificate_set_x509_system_trust) [!WINDOWSNT]: Define new macro. (Fgnutls_boot) [GNUTLS >= 3.0.20]: Call gnutls_certificate_set_x509_system_trust. Log an error message if it fails.
Diffstat (limited to 'src')
-rw-r--r--src/ChangeLog13
-rw-r--r--src/gnutls.c21
2 files changed, 34 insertions, 0 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 12fe16ddab..fd56186105 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,16 @@
+2014-12-14 Eli Zaretskii <eliz@gnu.org>
+
+ Load system's default trusted Certificate Authorities if available.
+ * gnutls.c (gnutls_certificate_set_x509_system_trust)
+ [GNUTLS >= 3.0.20]: Declare for WINDOWSNT.
+ (init_gnutls_functions)(gnutls_certificate_set_x509_system_trust)
+ [GNUTLS >= 3.0.20]: Load from shared library for WINDOWSNT.
+ (fn_gnutls_certificate_set_x509_system_trust) [!WINDOWSNT]: Define
+ new macro.
+ (Fgnutls_boot) [GNUTLS >= 3.0.20]: Call
+ gnutls_certificate_set_x509_system_trust. Log an error message if
+ it fails.
+
2014-12-13 Paul Eggert <eggert@cs.ucla.edu>
* alloc.c (XMALLOC_BASE_ALIGNMENT): Use max_align_t instead of
diff --git a/src/gnutls.c b/src/gnutls.c
index ad4d9974ed..1feb7e1822 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -103,6 +103,11 @@ DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_crl_file,
DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_key_file,
(gnutls_certificate_credentials_t, const char *, const char *,
gnutls_x509_crt_fmt_t));
+#if GNUTLS_VERSION_MAJOR + \
+ (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_system_trust,
+ (gnutls_certificate_credentials_t));
+#endif
DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_trust_file,
(gnutls_certificate_credentials_t, const char *,
gnutls_x509_crt_fmt_t));
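Review bot: The version test `GNUTLS_VERSION_MAJOR + (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3` is hard to read and is repeated verbatim at all four sites this commit touches (here, in init_gnutls_functions, in the non-WINDOWSNT `#define` list and in Fgnutls_boot). A later edit can easily leave the declaration, the loader and the call guarded by different conditions. Naming the test once keeps them in step, for example `#define GNUTLS_HAVE_SYSTEM_TRUST (GNUTLS_VERSION_NUMBER >= 0x030014)` near the top of the file, assuming every supported gnutls.h defines GNUTLS_VERSION_NUMBER, followed by `#if GNUTLS_HAVE_SYSTEM_TRUST` at each site. If the arithmetic form stays, it deserves a comment such as `/* True for GnuTLS >= 3.0.20.  */`.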
@@ -227,6 +232,10 @@ init_gnutls_functions (void)
LOAD_GNUTLS_FN (library, gnutls_certificate_set_verify_flags);
LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_crl_file);
LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_key_file);
+#if GNUTLS_VERSION_MAJOR + \
+ (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+ LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_system_trust);
+#endif
LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_trust_file);
LOAD_GNUTLS_FN (library, gnutls_certificate_type_get);
LOAD_GNUTLS_FN (library, gnutls_certificate_verify_peers2);
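Review bot: The new `LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_system_trust);` line is guarded only by the headers Emacs was compiled against, while the DLL is chosen at run time. A WINDOWSNT build made with GnuTLS >= 3.0.20 headers can therefore meet an older library that lacks this symbol. LOAD_GNUTLS_FN is defined outside this hunk; if it treats a missing symbol as a failure of init_gnutls_functions, as the surrounding mandatory loads suggest, TLS would become unavailable entirely instead of running without the system trust store. Consider resolving this one symbol optionally and skipping the call in Fgnutls_boot when the pointer is null, or at least record the requirement with a comment such as `/* Needs GnuTLS >= 3.0.20 at run time, not only at build time.  */`.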
@@ -314,6 +323,10 @@ init_gnutls_functions (void)
#define fn_gnutls_certificate_set_verify_flags gnutls_certificate_set_verify_flags
#define fn_gnutls_certificate_set_x509_crl_file gnutls_certificate_set_x509_crl_file
#define fn_gnutls_certificate_set_x509_key_file gnutls_certificate_set_x509_key_file
+#if GNUTLS_VERSION_MAJOR + \
+ (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+#define fn_gnutls_certificate_set_x509_system_trust gnutls_certificate_set_x509_system_trust
+#endif
#define fn_gnutls_certificate_set_x509_trust_file gnutls_certificate_set_x509_trust_file
#define fn_gnutls_certificate_type_get gnutls_certificate_type_get
#define fn_gnutls_certificate_verify_peers2 gnutls_certificate_verify_peers2
@@ -1308,6 +1321,14 @@ one trustfile (usually a CA bundle). */)
int file_format = GNUTLS_X509_FMT_PEM;
Lisp_Object tail;
+#if GNUTLS_VERSION_MAJOR + \
+ (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+ ret = fn_gnutls_certificate_set_x509_system_trust (x509_cred);
+ if (ret < GNUTLS_E_SUCCESS)
+ GNUTLS_LOG2i (4, max_log_level,
+ "setting system trust failed with code ", ret);
+#endif
+
for (tail = trustfiles; CONSP (tail); tail = XCDR (tail))
{
Lisp_Object trustfile = XCAR (tail);
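Review bot: The call `fn_gnutls_certificate_set_x509_system_trust (x509_cred)` runs unconditionally before the `trustfiles` loop, so every system CA is added to the credentials even when the caller passes its own trust files. A caller that supplied a private CA bundle to restrict which issuers are accepted now also accepts any certificate chaining to a system root. If that widening is intended, the docstring whose tail shows in the hunk header should say so, e.g. `System default CAs are always trusted in addition to :trustfiles.`; otherwise guard the call with `if (NILP (trustfiles))`. Separately, a failure is only reported through `GNUTLS_LOG2i (4, ...)`, so at lower log levels nothing indicates that the system store was not loaded. Fgnutls_boot starts and ends outside this hunk, so how `ret` and the verification settings are used afterwards is not visible here.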