author | Joe Orton <joe@manyfish.uk> | 2022-09-10 09:37:41 +0100 |
---|---|---|
committer | Joe Orton <jorton@apache.org> | 2022-09-10 16:42:11 +0100 |
commit | 11084a4362580a2f1d80ba54a9e46d01b98d3201 (patch) | |
tree | b5ef224b33964baa2b2f86a24d8b2a41c23225a7 | |
parent | a54c8d2b826a363f7bf8f326a621fbd132b4c05f (diff) | |
download | neon-git-11084a4362580a2f1d80ba54a9e46d01b98d3201.tar.gz |
Use GnuTLS system trust function if available.
* src/ne_gnutls.c (ne_ssl_trust_default_ca): Use
gnutls_certificate_set_x509_system_trust() if available.
* macros/neon.m4 (NEON_SSL): Check for presence of
gnutls_certificate_set_x509_system_trust.
-rw-r--r-- | macros/neon.m4 | 1 | ||||
-rw-r--r-- | src/ne_gnutls.c | 4 |
2 files changed, 5 insertions, 0 deletions
diff --git a/macros/neon.m4 b/macros/neon.m4
index a81571d..d877b57 100644
--- a/macros/neon.m4
+++ b/macros/neon.m4
@@ -1034,6 +1034,7 @@ gnutls)
 gnutls_certificate_get_x509_cas \
 gnutls_x509_crt_sign2 \
 gnutls_certificate_set_retrieve_function2 \
+ gnutls_certificate_set_x509_system_trust \
 gnutls_privkey_import_ext])
 # fail if gnutls_x509_crt_sign2 is not found (it was introduced in 1.2.0, which is required)
diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
index cf9ed3c..4c37d47 100644
--- a/src/ne_gnutls.c
+++ b/src/ne_gnutls.c
@@ -1084,6 +1084,10 @@ void ne_ssl_trust_default_ca(ne_session *sess)
 gnutls_certificate_set_x509_trust_file(sess->ssl_context->cred,
 NE_SSL_CA_BUNDLE,
 GNUTLS_X509_FMT_PEM);
+#elif defined(HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST)
+ int rv = gnutls_certificate_set_x509_system_trust(sess->ssl_context->cred);
+
+ NE_DEBUG(NE_DBG_SSL, "ssl: System certificates trusted (%d)\n", rv);
 #endif
 } |
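Review bot: A negative return from `gnutls_certificate_set_x509_system_trust()` is logged in the new `#elif` branch of src/ne_gnutls.c with the same "System certificates trusted" wording as a successful load, so a failed or unsupported trust-store load cannot be told apart from a populated one in the debug trace. GnuTLS returns the number of certificates processed on success and a negative error code otherwise, and because `ne_ssl_trust_default_ca` returns void the failure presumably shows up only later, as verification errors for every server certificate. Consider branching on the result, e.g. `if (rv < 0) NE_DEBUG(NE_DBG_SSL, "ssl: Failed to load system trust store: %s\n", gnutls_strerror(rv));`, and keeping the existing message for `rv >= 0`. The function's opening and the `#ifdef` that this `#elif` pairs with lie outside the hunk; the context lines show that the result of `gnutls_certificate_set_x509_trust_file` is also ignored.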