From e99ce63233398ce5d0bfa47eb1ca4ef0a1df5571 Mon Sep 17 00:00:00 2001
From: Eli Zaretskii
Date: Sun, 14 Dec 2014 18:47:51 +0200
Subject: [PATCH] Load system's default trusted Certificate Authorities if available.

src/gnutls.c (gnutls_certificate_set_x509_system_trust) [GNUTLS >= 3.0.20]: Declare for WINDOWSNT. (init_gnutls_functions)(gnutls_certificate_set_x509_system_trust) [GNUTLS >= 3.0.20]: Load from shared library for WINDOWSNT. (fn_gnutls_certificate_set_x509_system_trust) [!WINDOWSNT]: Define new macro. (Fgnutls_boot) [GNUTLS >= 3.0.20]: Call gnutls_certificate_set_x509_system_trust. Log an error message if it fails.
---
 src/ChangeLog | 13 +++++++++++++
 src/gnutls.c | 21 +++++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/src/ChangeLog b/src/ChangeLog
index 12fe16ddab3..fd56186105b 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,16 @@
+2014-12-14 Eli Zaretskii
+
+ Load system's default trusted Certificate Authorities if available.
+ * gnutls.c (gnutls_certificate_set_x509_system_trust)
+ [GNUTLS >= 3.0.20]: Declare for WINDOWSNT.
+ (init_gnutls_functions)(gnutls_certificate_set_x509_system_trust)
+ [GNUTLS >= 3.0.20]: Load from shared library for WINDOWSNT.
+ (fn_gnutls_certificate_set_x509_system_trust) [!WINDOWSNT]: Define
+ new macro.
+ (Fgnutls_boot) [GNUTLS >= 3.0.20]: Call
+ gnutls_certificate_set_x509_system_trust. Log an error message if
+ it fails.
+
 2014-12-13 Paul Eggert

 * alloc.c (XMALLOC_BASE_ALIGNMENT): Use max_align_t instead of
diff --git a/src/gnutls.c b/src/gnutls.c
index ad4d9974ed7..1feb7e18221 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -103,6 +103,11 @@ DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_crl_file,
 DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_key_file, (gnutls_certificate_credentials_t, const char *, const char *, gnutls_x509_crt_fmt_t));
+#if GNUTLS_VERSION_MAJOR + \
+ (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_system_trust,
+ (gnutls_certificate_credentials_t));
+#endif
 DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_trust_file, (gnutls_certificate_credentials_t, const char *, gnutls_x509_crt_fmt_t));
@@ -227,6 +232,10 @@ init_gnutls_functions (void)
 LOAD_GNUTLS_FN (library, gnutls_certificate_set_verify_flags);
 LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_crl_file);
 LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_key_file);
+#if GNUTLS_VERSION_MAJOR + \
+ (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+ LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_system_trust);
+#endif
 LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_trust_file);
 LOAD_GNUTLS_FN (library, gnutls_certificate_type_get);
 LOAD_GNUTLS_FN (library, gnutls_certificate_verify_peers2);
@@ -314,6 +323,10 @@ init_gnutls_functions (void)
 #define fn_gnutls_certificate_set_verify_flags gnutls_certificate_set_verify_flags
 #define fn_gnutls_certificate_set_x509_crl_file gnutls_certificate_set_x509_crl_file
 #define fn_gnutls_certificate_set_x509_key_file gnutls_certificate_set_x509_key_file
+#if GNUTLS_VERSION_MAJOR + \
+ (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+#define fn_gnutls_certificate_set_x509_system_trust gnutls_certificate_set_x509_system_trust
+#endif
 #define fn_gnutls_certificate_set_x509_trust_file gnutls_certificate_set_x509_trust_file
 #define fn_gnutls_certificate_type_get gnutls_certificate_type_get
 #define fn_gnutls_certificate_verify_peers2 gnutls_certificate_verify_peers2
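Review bot: The version guard `GNUTLS_VERSION_MAJOR + (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3` is hard to audit, and it is copied verbatim in four places: this declaration, the LOAD_GNUTLS_FN block, the `fn_` alias and the call in Fgnutls_boot. It gives the intended answer only because `+` binds tighter than `>`, so the boolean is added to the major number before the comparison. A single test such as `#if GNUTLS_VERSION_NUMBER >= 0x030014`, evaluated once into one locally defined feature macro that the four sites check, would state the 3.0.20 requirement directly and keep the sites from drifting apart.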
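Review bot: The guard around `LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_system_trust);` is decided by the headers Emacs was compiled against, while the symbol is resolved from whichever GnuTLS DLL is present at run time. LOAD_GNUTLS_FN's definition is outside the hunk; if it treats a missing symbol as a failure of init_gnutls_functions, a binary built against 3.0.20 or later headers would lose TLS altogether when paired with an older DLL. Consider resolving this one symbol optionally and skipping the call in Fgnutls_boot when the pointer is null. init_gnutls_functions starts and ends outside the hunk.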
@@ -1308,6 +1321,14 @@ one trustfile (usually a CA bundle). */)
 int file_format = GNUTLS_X509_FMT_PEM;
 Lisp_Object tail;

+#if GNUTLS_VERSION_MAJOR + \
+ (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+ ret = fn_gnutls_certificate_set_x509_system_trust (x509_cred);
+ if (ret < GNUTLS_E_SUCCESS)
+ GNUTLS_LOG2i (4, max_log_level,
+ "setting system trust failed with code ", ret);
+#endif
+
 for (tail = trustfiles; CONSP (tail); tail = XCDR (tail))
 {
 Lisp_Object trustfile = XCAR (tail);
--
2.39.2
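Review bot: The system trust store is loaded unconditionally ahead of the `trustfiles` loop, so a caller that passes `:trustfiles` to limit trust to a private CA will now also accept chains rooted in any system CA. If that widening is intended, state it in the Fgnutls_boot docstring (its visible tail still reads "one trustfile (usually a CA bundle)") and above the call, e.g. `/* Adds the platform CA store; :trustfiles entries are loaded in addition to it, not instead of it. */`. A failure is reported only through `GNUTLS_LOG2i` at level 4, so when no trustfiles are given either, the credentials are left without trust anchors and the only trace is a log line that is presumably hidden at default verbosity. Fgnutls_boot starts and ends outside the hunk.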