Use gnutls_certificate_set_x509_system_trust() where available

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
sailfishos-mirror · Jun 10, 2012 · 768e287 · 768e287
1 parent 935e6e2
commit 768e287
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/configure.ac b/configure.ac
@@ -199,6 +199,8 @@ if test "$with_gnutls" = "yes" || test "$with_gnutls" = "shibboleet"; then
     ssl_library=gnutls
     oldlibs="$LIBS"
     LIBS="$LIBS $GNUTLS_LIBS"
+    AC_CHECK_FUNC(gnutls_certificate_set_x509_system_trust,
+		 [AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST, 1)], [])
     AC_CHECK_FUNC(gnutls_pkcs12_simple_parse,
 		 [AC_DEFINE(HAVE_GNUTLS_PKCS12_SIMPLE_PARSE, 1)], [])
     AC_CHECK_FUNC(gnutls_session_set_premaster,

diff --git a/gnutls.c b/gnutls.c
@@ -941,9 +941,13 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
 
 	if (!vpninfo->https_cred) {
 		gnutls_certificate_allocate_credentials(&vpninfo->https_cred);
+#ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST
+		gnutls_certificate_set_x509_system_trust(vpninfo->https_cred);
+#else
 		gnutls_certificate_set_x509_trust_file(vpninfo->https_cred,
 						       "/etc/pki/tls/certs/ca-bundle.crt",
 						       GNUTLS_X509_FMT_PEM);
+#endif
 		gnutls_certificate_set_verify_function (vpninfo->https_cred,
 							verify_peer);
 		/* FIXME: Ensure TLSv1.0, no options */