From 5bd3a0c9e00cde01cf325389458f86fd9f05db3f Mon Sep 17 00:00:00 2001 From: Ashish SHUKLA Date: Thu, 24 Dec 2015 18:54:41 +0100 Subject: [PATCH] Add FreeBSD cert bundle * doc/misc/emacs-gnutls.texi (Help For Users): Document FreeBSD bundle. * lisp/net/gnutls.el (gnutls-trustfiles): Add FreeBSD cert bundle. Backport: (cherry picked from commit 60c0f1a18ad88d6dc1a8f4ee5d9d18940eaeb6f7) --- doc/misc/emacs-gnutls.texi | 17 +++++++++-------- lisp/net/gnutls.el | 9 +++++---- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/doc/misc/emacs-gnutls.texi b/doc/misc/emacs-gnutls.texi index 4f6ef010ef3..d951e2fde32 100644 --- a/doc/misc/emacs-gnutls.texi +++ b/doc/misc/emacs-gnutls.texi @@ -123,14 +123,15 @@ The @code{gnutls-trustfiles} variable is a list of trustfiles host name (although @code{gnutls-negotiate} supports a trustfile per connection so it could be done if needed). The trustfiles can be in PEM or DER format and examples can be found in most Unix -distributions. By default four locations are tried in this order: -@file{/etc/ssl/certs/ca-certificates.crt} for Debian, Ubuntu, Gentoo -and Arch Linux; @file{/etc/pki/tls/certs/ca-bundle.crt} for Fedora -and RHEL; @file{/etc/ssl/ca-bundle.pem} for Suse; -@file{/usr/ssl/certs/ca-bundle.crt} for Cygwin. You can easily -customize @code{gnutls-trustfiles} to be something else, but let us -know if you do, so we can make the change to benefit the other users -of that platform. +distributions. By default the following locations are tried in this +order: @file{/etc/ssl/certs/ca-certificates.crt} for Debian, Ubuntu, +Gentoo and Arch Linux; @file{/etc/pki/tls/certs/ca-bundle.crt} for +Fedora and RHEL; @file{/etc/ssl/ca-bundle.pem} for Suse; +@file{/usr/ssl/certs/ca-bundle.crt} for Cygwin; +@file{/usr/local/share/certs/ca-root-nss.crt} for FreeBSD. You can +easily customize @code{gnutls-trustfiles} to be something else, but +let us know if you do, so we can make the change to benefit the other +users of that platform. @end defvar @defvar gnutls-verify-error diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el index 479c9a579f3..ccaef8aafac 100644 --- a/lisp/net/gnutls.el +++ b/lisp/net/gnutls.el @@ -67,10 +67,11 @@ set this variable to \"normal:-dhe-rsa\"." (defcustom gnutls-trustfiles '( - "/etc/ssl/certs/ca-certificates.crt" ; Debian, Ubuntu, Gentoo and Arch Linux - "/etc/pki/tls/certs/ca-bundle.crt" ; Fedora and RHEL - "/etc/ssl/ca-bundle.pem" ; Suse - "/usr/ssl/certs/ca-bundle.crt" ; Cygwin + "/etc/ssl/certs/ca-certificates.crt" ; Debian, Ubuntu, Gentoo and Arch Linux + "/etc/pki/tls/certs/ca-bundle.crt" ; Fedora and RHEL + "/etc/ssl/ca-bundle.pem" ; Suse + "/usr/ssl/certs/ca-bundle.crt" ; Cygwin + "/usr/local/share/certs/ca-root-nss.crt" ; FreeBSD ) "List of CA bundle location filenames or a function returning said list. The files may be in PEM or DER format, as per the GnuTLS documentation. -- 2.39.2