Be more conservative with examples and changed semantics of gnutls_certificate_set_x509_system_trust(). gnutls_certificate_set_x509_system_trust() returns GNUTLS_E_UNIMPLEMENTED_FEATURE on systems that do not have a (known) default trust store.

1 files changed, 3 insertions, 6 deletions

diff --git a/doc/examples/ex-client-x509.c b/doc/examples/ex-client-x509.c
index e442886b48..ab46118fbc 100644
--- a/doc/examples/ex-client-x509.c
+++ b/doc/examples/ex-client-x509.c
@@ -17,7 +17,7 @@
  */
 
 #define MAX_BUF 1024
-/* #define CAFILE "/etc/ssl/certs/ca-certificates.crt" */
+#define CAFILE "/etc/ssl/certs/ca-certificates.crt"
 #define MSG "GET / HTTP/1.0\r\n\r\n"
 
 extern int tcp_connect (void);
@@ -37,12 +37,9 @@ int main (void)
   /* X509 stuff */
   gnutls_certificate_allocate_credentials (&xcred);
 
-  /* sets the trusted cas to be the system ones
+  /* sets the trusted cas file
    */
-  gnutls_certificate_set_x509_system_trust(xcred); 
-  /* gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM); 
-   */
-
+  gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM);
   gnutls_certificate_set_verify_function (xcred, _verify_certificate_callback);
   
   /* If client holds a certificate it can be set using the following: