Commit 324b88d8 authored by David Woodhouse's avatar David Woodhouse

Kill HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST

Signed-off-by: default avatarDavid Woodhouse <dwmw2@infradead.org>
parent 266a3938
......@@ -450,42 +450,6 @@ case "$ssl_library" in
oldcflags="$CFLAGS"
LIBS="$LIBS $GNUTLS_LIBS"
CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
AC_CHECK_FUNC(gnutls_certificate_set_x509_system_trust,
[AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST, 1, [From GnuTLS 3.0.20])], [])
if test "$ac_cv_func_gnutls_certificate_set_x509_system_trust" != "yes"; then
# We will need to tell GnuTLS the path to the system CA file.
if test "$with_system_cafile" = "yes" || test "$with_system_cafile" = ""; then
unset with_system_cafile
AC_MSG_CHECKING([For location of system CA trust file])
for file in /etc/ssl/certs/ca-certificates.crt \
/etc/pki/tls/cert.pem \
/usr/local/share/certs/ca-root-nss.crt \
/etc/ssl/cert.pem \
/etc/ssl/ca-bundle.pem \
; do
if grep 'BEGIN CERTIFICATE-----' $file >/dev/null 2>&1; then
with_system_cafile=${file}
break
fi
done
AC_MSG_RESULT([${with_system_cafile-NOT FOUND}])
elif test "$with_system_cafile" = "no"; then
AC_MSG_ERROR([You cannot disable the system CA certificate file.])
fi
if test "$with_system_cafile" = ""; then
AC_MSG_ERROR([Unable to find a standard system CA certificate file.]
[Your GnuTLS requires a path to a CA certificate store. This is a file]
[which contains a list of the Certificate Authorities which are trusted.]
[Most distributions ship with this file in a standard location, but none]
[the known standard locations exist on your system. You should provide a]
[--with-system-cafile= argument to this configure script, giving the full]
[path to a default CA certificate file for GnuTLS to use. Also, please]
[send full details of your system, including 'uname -a' output and the]
[location of the system CA certificate store on your system, to the]
[openconnect-devel@lists.infradead.org mailing list.])
fi
AC_DEFINE_UNQUOTED([DEFAULT_SYSTEM_CAFILE], ["$with_system_cafile"], [Location of System CA trust file])
fi
AC_CHECK_FUNC(gnutls_cipher_set_iv,
[esp=yes], [])
AC_CHECK_FUNC(gnutls_pkcs12_simple_parse,
......
......@@ -2228,15 +2228,9 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
if (!vpninfo->https_cred) {
gnutls_certificate_allocate_credentials(&vpninfo->https_cred);
if (!vpninfo->no_system_trust) {
#ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST
if (!vpninfo->no_system_trust)
gnutls_certificate_set_x509_system_trust(vpninfo->https_cred);
#else
gnutls_certificate_set_x509_trust_file(vpninfo->https_cred,
DEFAULT_SYSTEM_CAFILE,
GNUTLS_X509_FMT_PEM);
#endif
}
gnutls_certificate_set_verify_function(vpninfo->https_cred,
verify_peer);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment