The GNU TLS backend loads default root certificates.
authorGiuseppe Scrivano <gscrivano@gnu.org>
Mon, 5 Jul 2010 17:27:16 +0000 (19:27 +0200)
committerGiuseppe Scrivano <gscrivano@gnu.org>
Mon, 5 Jul 2010 17:27:16 +0000 (19:27 +0200)
ChangeLog
bootstrap.conf
src/ChangeLog
src/gnutls.c

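--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2010-07-05  Giuseppe Scrivano  <gscrivano@gnu.org>
+
+       * bootstrap.conf (gnulib_modules): Add `asprintf'.
+
 2010-06-22  Giuseppe Scrivano  <gscrivano@gnu.org>
 
        * configure.ac: By default use GNU TLS not OpenSSL.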
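--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -27,6 +27,7 @@ gnulib_modules="
 accept
 alloca
 announce-gen
+asprintf
 bind
 c-ctype
 close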
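--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2010-07-05  Giuseppe Scrivano  <gscrivano@gnu.org>
+
+       * gnutls.c (ssl_init): New local variables `ca_directory' and `dir'.
+       Load default root certificates under the `ca_directory' directory.
+
 2010-07-03  Giuseppe Scrivano  <gscrivano@gnu.org>
 
        * gnutls.c (ssl_connect_wget): New local variable `allowed_protocols'.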
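--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -37,6 +37,7 @@ as that of the covered work.  */
 #endif
 #include <string.h>
 #include <stdio.h>
+#include <dirent.h>
 #include <stdlib.h>
 
 #include <gnutls/gnutls.h>
@@ -61,8 +62,42 @@ static gnutls_certificate_credentials credentials;
 bool
 ssl_init ()
 {
+  const char *ca_directory;
+  DIR *dir;
+
   gnutls_global_init ();
   gnutls_certificate_allocate_credentials (&credentials);
+
+  ca_directory = opt.ca_directory ? opt.ca_directory : "/etc/ssl/certs";
+
+  dir = opendir (ca_directory);
+  if (dir == NULL)
+    {
+      if (opt.ca_directory)
+        logprintf (LOG_NOTQUIET, _("ERROR: Cannot open directory %s.\n"),
+                   opt.ca_directory);
+    }
+  else
+    {
+      struct dirent *dent;
+      while ((dent = readdir (dir)) != NULL)
+        {
+          struct stat st;
+          char *ca_file;
+          asprintf (&ca_file, "%s/%s", ca_directory, dent->d_name);
+
+          stat (ca_file, &st);
+
+          if (S_ISREG (st.st_mode))
+            gnutls_certificate_set_x509_trust_file (credentials, ca_file,
+                                                    GNUTLS_X509_FMT_PEM);
+
+          free (ca_file);
+        }
+
+      closedir (dir);
+    }
+
   if (opt.ca_cert)
     gnutls_certificate_set_x509_trust_file (credentials, opt.ca_cert,
                                             GNUTLS_X509_FMT_PEM);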
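Review bot: In the `readdir` loop of the ssl_init hunk, neither `asprintf` nor `stat` is checked. If the allocation fails, `ca_file` is indeterminate when it reaches `stat` and `free`; if `stat` fails (a dangling symlink in the CA directory would do it), `S_ISREG` reads an uninitialized `st.st_mode`. Because this loop decides which files become trust anchors, skip the entry on either failure: `if (asprintf (&ca_file, "%s/%s", ca_directory, dent->d_name) < 0) continue;` and `if (stat (ca_file, &st) == 0 && S_ISREG (st.st_mode))`. The return value of `gnutls_certificate_set_x509_trust_file` is also discarded, so a directory that yields no usable certificates goes unreported; logging a negative return would make an empty trust store visible. ssl_init continues past the end of the hunk.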