Added configure option --with-default-blacklist-file

This option allows to specify a file containing blacklisted certificates. Conflicts: lib/system.c
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2013-12-16 13:03:24 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2013-12-16 13:16:23 +0100
commit: b9f3e19ae9c4b9064b1a919e924fc20c36c9c4c7 (patch)
tree: 671b9577d98b69e9b6bca108d642e1c415193a3d /lib
parent: 318f77f560442fa32b565fadae98c518d31150d2 (diff)
download: gnutls-b9f3e19ae9c4b9064b1a919e924fc20c36c9c4c7.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/system.c b/lib/system.c
index 1c73fc0531..78f252083b 100644
--- a/lib/system.c
+++ b/lib/system.c
@@ -413,6 +413,13 @@ add_system_trust(gnutls_x509_trust_list_t list,
     r += ret;
 # endif
 
+#ifdef DEFAULT_BLACKLIST_FILE
+  ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM);
+  if (ret < 0) {
+	_gnutls_debug_log("Could not load blacklist file '%s'\n", DEFAULT_BLACKLIST_FILE);
+  }
+#endif
+
   return r;
 }
 #elif defined(_WIN32)
@@ -463,6 +470,13 @@ int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags, unsig
     CertCloseStore(store, 0);
   }
   
+#ifdef DEFAULT_BLACKLIST_FILE
+  ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM);
+  if (ret < 0) {
+	_gnutls_debug_log("Could not load blacklist file '%s'\n", DEFAULT_BLACKLIST_FILE);
+  }
+#endif
+
   return r;
 }
 #elif defined(ANDROID) || defined(__ANDROID__)
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2013-12-16 13:03:24 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2013-12-16 13:16:23 +0100
commit	b9f3e19ae9c4b9064b1a919e924fc20c36c9c4c7 (patch)
tree	671b9577d98b69e9b6bca108d642e1c415193a3d /lib
parent	318f77f560442fa32b565fadae98c518d31150d2 (diff)
download	gnutls-b9f3e19ae9c4b9064b1a919e924fc20c36c9c4c7.tar.gz