Load system's default trusted Certificate Authorities if available.
authorEli Zaretskii <eliz@gnu.org>
Sun, 14 Dec 2014 16:47:51 +0000 (18:47 +0200)
committerEli Zaretskii <eliz@gnu.org>
Sun, 14 Dec 2014 16:47:51 +0000 (18:47 +0200)
 src/gnutls.c (gnutls_certificate_set_x509_system_trust)
 [GNUTLS >= 3.0.20]: Declare for WINDOWSNT.
 (init_gnutls_functions)(gnutls_certificate_set_x509_system_trust)
 [GNUTLS >= 3.0.20]: Load from shared library for WINDOWSNT.
 (fn_gnutls_certificate_set_x509_system_trust) [!WINDOWSNT]: Define
 new macro.
 (Fgnutls_boot) [GNUTLS >= 3.0.20]: Call
 gnutls_certificate_set_x509_system_trust.  Log an error message if
 it fails.

src/ChangeLog
src/gnutls.c

index 12fe16ddab321ecf16be171925269f889cb6fdb6..fd56186105b48779f6fbe8b6ff96222f899645af 100644 (file)
@@ -1,3 +1,16 @@
+2014-12-14  Eli Zaretskii  <eliz@gnu.org>
+
+       Load system's default trusted Certificate Authorities if available.
+       * gnutls.c (gnutls_certificate_set_x509_system_trust)
+       [GNUTLS >= 3.0.20]: Declare for WINDOWSNT.
+       (init_gnutls_functions)(gnutls_certificate_set_x509_system_trust)
+       [GNUTLS >= 3.0.20]: Load from shared library for WINDOWSNT.
+       (fn_gnutls_certificate_set_x509_system_trust) [!WINDOWSNT]: Define
+       new macro.
+       (Fgnutls_boot) [GNUTLS >= 3.0.20]: Call
+       gnutls_certificate_set_x509_system_trust.  Log an error message if
+       it fails.
+
 2014-12-13  Paul Eggert  <eggert@cs.ucla.edu>
 
        * alloc.c (XMALLOC_BASE_ALIGNMENT): Use max_align_t instead of
index ad4d9974ed734dad8c0d3e910840f68a5222be49..1feb7e182218bed06d11d822a0460ca05bf54a4d 100644 (file)
@@ -103,6 +103,11 @@ DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_crl_file,
 DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_key_file,
               (gnutls_certificate_credentials_t, const char *, const char *,
                gnutls_x509_crt_fmt_t));
+#if GNUTLS_VERSION_MAJOR +                                     \
+  (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_system_trust,
+              (gnutls_certificate_credentials_t));
+#endif
 DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_trust_file,
               (gnutls_certificate_credentials_t, const char *,
                gnutls_x509_crt_fmt_t));
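Review bot: The version guard added here is an arithmetic trick that is hard to verify at a glance, and the same two-line expression is repeated in the hunks at init_gnutls_functions, the `fn_` macro block and Fgnutls_boot. It does evaluate as "3.0.20 or later", since `+` binds tighter than `>`, but a reader has to work that out four times, and a future edit to one copy can silently desynchronise them. I would define the test once near the top of the file under a descriptive name and use that name at all four sites, with a comment such as `/* GnuTLS 3.0.20 or later: MAJOR + (MINOR > 0 || PATCH >= 20) exceeds 3.  */`.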
@@ -227,6 +232,10 @@ init_gnutls_functions (void)
   LOAD_GNUTLS_FN (library, gnutls_certificate_set_verify_flags);
   LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_crl_file);
   LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_key_file);
+#if GNUTLS_VERSION_MAJOR +                                     \
+  (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+  LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_system_trust);
+#endif
   LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_trust_file);
   LOAD_GNUTLS_FN (library, gnutls_certificate_type_get);
   LOAD_GNUTLS_FN (library, gnutls_certificate_verify_peers2);
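Review bot: The guard around the new `LOAD_GNUTLS_FN` line tests the GnuTLS headers Emacs was compiled against, not the version of the shared library actually found at run time on WINDOWSNT. If `LOAD_GNUTLS_FN` treats an unresolved symbol as fatal (its definition is outside this hunk), a binary built against 3.0.20 or later but run with an older DLL would lose TLS support entirely instead of just skipping the system trust store. Consider resolving this one symbol optionally and having Fgnutls_boot skip the call when the pointer is null. init_gnutls_functions begins and ends outside the hunk.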
@@ -314,6 +323,10 @@ init_gnutls_functions (void)
 #define fn_gnutls_certificate_set_verify_flags gnutls_certificate_set_verify_flags
 #define fn_gnutls_certificate_set_x509_crl_file        gnutls_certificate_set_x509_crl_file
 #define fn_gnutls_certificate_set_x509_key_file gnutls_certificate_set_x509_key_file
+#if GNUTLS_VERSION_MAJOR +                                     \
+  (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+#define fn_gnutls_certificate_set_x509_system_trust gnutls_certificate_set_x509_system_trust
+#endif
 #define fn_gnutls_certificate_set_x509_trust_file gnutls_certificate_set_x509_trust_file
 #define fn_gnutls_certificate_type_get         gnutls_certificate_type_get
 #define fn_gnutls_certificate_verify_peers2    gnutls_certificate_verify_peers2
@@ -1308,6 +1321,14 @@ one trustfile (usually a CA bundle).  */)
       int file_format = GNUTLS_X509_FMT_PEM;
       Lisp_Object tail;
 
+#if GNUTLS_VERSION_MAJOR +                                     \
+  (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+      ret = fn_gnutls_certificate_set_x509_system_trust (x509_cred);
+      if (ret < GNUTLS_E_SUCCESS)
+       GNUTLS_LOG2i (4, max_log_level,
+                     "setting system trust failed with code ", ret);
+#endif
+
       for (tail = trustfiles; CONSP (tail); tail = XCDR (tail))
        {
          Lisp_Object trustfile = XCAR (tail);
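Review bot: The system trust store is loaded unconditionally before the `trustfiles` loop, so a caller-supplied `:trustfiles` list now adds to the platform's CAs instead of being the only set of trust anchors. A caller who passes a private CA bundle to restrict which issuers are accepted will, after this change, also accept any certificate chaining to a system CA. Either gate the call, for example `if (NILP (trustfiles))`, or state the additive behaviour in the docstring whose tail is visible in the hunk header. Also note that a failure is only logged at level 4, so with no trustfiles the credentials can end up with an empty trust set without the user being told. Fgnutls_boot begins and ends outside this hunk, so how `ret` and verification results are handled afterwards is not visible here.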