1
0
mirror of https://github.com/rkd77/elinks.git synced 2024-06-12 23:10:51 +00:00

gnutls_certificate_set_x509_system_trust

If this function is available and gnutls is used,
and connection.ssl.trusted_ca_file is "",
gnutls_certificate_set_x509_system_trust is called
to load certificates.
This commit is contained in:
Witold Filipczyk 2017-11-14 16:02:22 +01:00
parent 0266633025
commit 91beac7ee3
2 changed files with 13 additions and 4 deletions

View File

@ -1189,6 +1189,7 @@ else
# gnutls_priority_set_direct in GNUTLS 2.1.7 (released
# 2007-11-29).
AC_CHECK_FUNCS([gnutls_priority_set_direct])
AC_CHECK_FUNCS([gnutls_certificate_set_x509_system_trust])
fi
EL_RESTORE_FLAGS

View File

@ -205,10 +205,13 @@ init_gnutls(struct module *module)
/* FIXME: check returned values. --witekfl */
gnutls_certificate_set_x509_trust_file(xcred, ca_file,
GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_verify_flags(xcred,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
} else {
#ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST
gnutls_certificate_set_x509_system_trust(xcred);
#endif
}
gnutls_certificate_set_verify_flags(xcred,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
}
@ -235,7 +238,12 @@ static union option_info gnutls_options[] = {
* suit their systems.
* TODO: If the file name is relative, look in elinks_home? */
INIT_OPT_STRING("connection.ssl", N_("Trusted CA file"),
"trusted_ca_file", 0, "/etc/ssl/certs/ca-certificates.crt",
"trusted_ca_file", 0,
#ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST
"",
#else
"/etc/ssl/certs/ca-certificates.crt",
#endif
N_("The location of a file containing certificates of "
"trusted certification authorities in PEM format. "
"ELinks then trusts certificates issued by these CAs.\n"