Load system's default trusted Certificate Authorities if available.

src/gnutls.c (gnutls_certificate_set_x509_system_trust) [GNUTLS >= 3.0.20]: Declare for WINDOWSNT. (init_gnutls_functions)(gnutls_certificate_set_x509_system_trust) [GNUTLS >= 3.0.20]: Load from shared library for WINDOWSNT. (fn_gnutls_certificate_set_x509_system_trust) [!WINDOWSNT]: Define new macro. (Fgnutls_boot) [GNUTLS >= 3.0.20]: Call gnutls_certificate_set_x509_system_trust. Log an error message if it fails.
author: Eli Zaretskii 2014-12-14 18:47:51 +0200
committer: Eli Zaretskii 2014-12-14 18:47:51 +0200
commit: e99ce63233398ce5d0bfa47eb1ca4ef0a1df5571 (patch)
tree: d559fd48475c8ea12ebd6015b660eb3c5a616274 /src
parent: 9624075a2cc512b4c3efb155b71feed8f08838dd (diff)
download: emacs-e99ce63233398ce5d0bfa47eb1ca4ef0a1df5571.tar.gz
emacs-e99ce63233398ce5d0bfa47eb1ca4ef0a1df5571.zip
2 files changed, 34 insertions, 0 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 12fe16ddab3..fd56186105b 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,16 @@
+2014-12-14  Eli Zaretskii  <eliz@gnu.org>
+        Load system's default trusted Certificate Authorities if available.
+        * gnutls.c (gnutls_certificate_set_x509_system_trust)
+        [GNUTLS >= 3.0.20]: Declare for WINDOWSNT.
+        (init_gnutls_functions)(gnutls_certificate_set_x509_system_trust)
+        [GNUTLS >= 3.0.20]: Load from shared library for WINDOWSNT.
+        (fn_gnutls_certificate_set_x509_system_trust) [!WINDOWSNT]: Define
+        new macro.
+        (Fgnutls_boot) [GNUTLS >= 3.0.20]: Call
+        gnutls_certificate_set_x509_system_trust.  Log an error message if
+        it fails.
 2014-12-13  Paul Eggert  <eggert@cs.ucla.edu>
        * alloc.c (XMALLOC_BASE_ALIGNMENT): Use max_align_t instead of
diff --git a/src/gnutls.c b/src/gnutls.c
index ad4d9974ed7..1feb7e18221 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -103,6 +103,11 @@ DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_crl_file,
 DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_key_file,
               (gnutls_certificate_credentials_t, const char *, const char *,
                gnutls_x509_crt_fmt_t));
+#if GNUTLS_VERSION_MAJOR +                                      \
+  (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_system_trust,
+               (gnutls_certificate_credentials_t));
+#endif
 DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_trust_file,
               (gnutls_certificate_credentials_t, const char *,
                gnutls_x509_crt_fmt_t));
@@ -227,6 +232,10 @@ init_gnutls_functions (void)
  LOAD_GNUTLS_FN (library, gnutls_certificate_set_verify_flags);
  LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_crl_file);
  LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_key_file);
+#if GNUTLS_VERSION_MAJOR +                                      \
+  (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+  LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_system_trust);
+#endif
  LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_trust_file);
  LOAD_GNUTLS_FN (library, gnutls_certificate_type_get);
  LOAD_GNUTLS_FN (library, gnutls_certificate_verify_peers2);
@@ -314,6 +323,10 @@ init_gnutls_functions (void)
 #define fn_gnutls_certificate_set_verify_flags  gnutls_certificate_set_verify_flags
 #define fn_gnutls_certificate_set_x509_crl_file gnutls_certificate_set_x509_crl_file
 #define fn_gnutls_certificate_set_x509_key_file gnutls_certificate_set_x509_key_file
+#if GNUTLS_VERSION_MAJOR +                                      \
+  (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+#define fn_gnutls_certificate_set_x509_system_trust gnutls_certificate_set_x509_system_trust
+#endif
 #define fn_gnutls_certificate_set_x509_trust_file gnutls_certificate_set_x509_trust_file
 #define fn_gnutls_certificate_type_get          gnutls_certificate_type_get
 #define fn_gnutls_certificate_verify_peers2     gnutls_certificate_verify_peers2
@@ -1308,6 +1321,14 @@ one trustfile (usually a CA bundle).  */)
      int file_format = GNUTLS_X509_FMT_PEM;
      Lisp_Object tail;
+#if GNUTLS_VERSION_MAJOR +                                      \
+  (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+      ret = fn_gnutls_certificate_set_x509_system_trust (x509_cred);
+      if (ret < GNUTLS_E_SUCCESS)
+        GNUTLS_LOG2i (4, max_log_level,
+                      "setting system trust failed with code ", ret);
+#endif
      for (tail = trustfiles; CONSP (tail); tail = XCDR (tail))
        {
          Lisp_Object trustfile = XCAR (tail);
author	Eli Zaretskii	2014-12-14 18:47:51 +0200
committer	Eli Zaretskii	2014-12-14 18:47:51 +0200
commit	e99ce63233398ce5d0bfa47eb1ca4ef0a1df5571 (patch)
tree	d559fd48475c8ea12ebd6015b660eb3c5a616274 /src
parent	9624075a2cc512b4c3efb155b71feed8f08838dd (diff)
download	emacs-e99ce63233398ce5d0bfa47eb1ca4ef0a1df5571.tar.gz emacs-e99ce63233398ce5d0bfa47eb1ca4ef0a1df5571.zip

diff --git a/src/ChangeLog b/src/ChangeLog index 12fe16ddab3..fd56186105b 100644 --- a/src/ChangeLog +++ b/src/ChangeLog
@@ -1,3 +1,16 @@
		1	2014-12-14 Eli Zaretskii <eliz@gnu.org>
		2
		3	Load system's default trusted Certificate Authorities if available.
		4	* gnutls.c (gnutls_certificate_set_x509_system_trust)
		5	[GNUTLS >= 3.0.20]: Declare for WINDOWSNT.
		6	(init_gnutls_functions)(gnutls_certificate_set_x509_system_trust)
		7	[GNUTLS >= 3.0.20]: Load from shared library for WINDOWSNT.
		8	(fn_gnutls_certificate_set_x509_system_trust) [!WINDOWSNT]: Define
		9	new macro.
		10	(Fgnutls_boot) [GNUTLS >= 3.0.20]: Call
		11	gnutls_certificate_set_x509_system_trust. Log an error message if
		12	it fails.
		13
1	2014-12-13 Paul Eggert <eggert@cs.ucla.edu>	14	2014-12-13 Paul Eggert <eggert@cs.ucla.edu>
2		15
3	* alloc.c (XMALLOC_BASE_ALIGNMENT): Use max_align_t instead of	16	* alloc.c (XMALLOC_BASE_ALIGNMENT): Use max_align_t instead of


diff --git a/src/gnutls.c b/src/gnutls.c index ad4d9974ed7..1feb7e18221 100644 --- a/src/gnutls.c +++ b/src/gnutls.c
@@ -103,6 +103,11 @@ DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_crl_file,
103	DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_key_file,	103	DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_key_file,
104	(gnutls_certificate_credentials_t, const char , const char ,	104	(gnutls_certificate_credentials_t, const char , const char ,
105	gnutls_x509_crt_fmt_t));	105	gnutls_x509_crt_fmt_t));
		106	#if GNUTLS_VERSION_MAJOR + \
		107	(GNUTLS_VERSION_MINOR > 0 \|\| GNUTLS_VERSION_PATCH >= 20) > 3
		108	DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_system_trust,
		109	(gnutls_certificate_credentials_t));
		110	#endif
106	DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_trust_file,	111	DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_trust_file,
107	(gnutls_certificate_credentials_t, const char *,	112	(gnutls_certificate_credentials_t, const char *,
108	gnutls_x509_crt_fmt_t));	113	gnutls_x509_crt_fmt_t));
@@ -227,6 +232,10 @@ init_gnutls_functions (void)
227	LOAD_GNUTLS_FN (library, gnutls_certificate_set_verify_flags);	232	LOAD_GNUTLS_FN (library, gnutls_certificate_set_verify_flags);
228	LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_crl_file);	233	LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_crl_file);
229	LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_key_file);	234	LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_key_file);
		235	#if GNUTLS_VERSION_MAJOR + \
		236	(GNUTLS_VERSION_MINOR > 0 \|\| GNUTLS_VERSION_PATCH >= 20) > 3
		237	LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_system_trust);
		238	#endif
230	LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_trust_file);	239	LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_trust_file);
231	LOAD_GNUTLS_FN (library, gnutls_certificate_type_get);	240	LOAD_GNUTLS_FN (library, gnutls_certificate_type_get);
232	LOAD_GNUTLS_FN (library, gnutls_certificate_verify_peers2);	241	LOAD_GNUTLS_FN (library, gnutls_certificate_verify_peers2);
@@ -314,6 +323,10 @@ init_gnutls_functions (void)
314	#define fn_gnutls_certificate_set_verify_flags gnutls_certificate_set_verify_flags	323	#define fn_gnutls_certificate_set_verify_flags gnutls_certificate_set_verify_flags
315	#define fn_gnutls_certificate_set_x509_crl_file gnutls_certificate_set_x509_crl_file	324	#define fn_gnutls_certificate_set_x509_crl_file gnutls_certificate_set_x509_crl_file
316	#define fn_gnutls_certificate_set_x509_key_file gnutls_certificate_set_x509_key_file	325	#define fn_gnutls_certificate_set_x509_key_file gnutls_certificate_set_x509_key_file
		326	#if GNUTLS_VERSION_MAJOR + \
		327	(GNUTLS_VERSION_MINOR > 0 \|\| GNUTLS_VERSION_PATCH >= 20) > 3
		328	#define fn_gnutls_certificate_set_x509_system_trust gnutls_certificate_set_x509_system_trust
		329	#endif
317	#define fn_gnutls_certificate_set_x509_trust_file gnutls_certificate_set_x509_trust_file	330	#define fn_gnutls_certificate_set_x509_trust_file gnutls_certificate_set_x509_trust_file
318	#define fn_gnutls_certificate_type_get gnutls_certificate_type_get	331	#define fn_gnutls_certificate_type_get gnutls_certificate_type_get
319	#define fn_gnutls_certificate_verify_peers2 gnutls_certificate_verify_peers2	332	#define fn_gnutls_certificate_verify_peers2 gnutls_certificate_verify_peers2
@@ -1308,6 +1321,14 @@ one trustfile (usually a CA bundle). */)
1308	int file_format = GNUTLS_X509_FMT_PEM;	1321	int file_format = GNUTLS_X509_FMT_PEM;
1309	Lisp_Object tail;	1322	Lisp_Object tail;
1310		1323
		1324	#if GNUTLS_VERSION_MAJOR + \
		1325	(GNUTLS_VERSION_MINOR > 0 \|\| GNUTLS_VERSION_PATCH >= 20) > 3
		1326	ret = fn_gnutls_certificate_set_x509_system_trust (x509_cred);
		1327	if (ret < GNUTLS_E_SUCCESS)
		1328	GNUTLS_LOG2i (4, max_log_level,
		1329	"setting system trust failed with code ", ret);
		1330	#endif
		1331
1311	for (tail = trustfiles; CONSP (tail); tail = XCDR (tail))	1332	for (tail = trustfiles; CONSP (tail); tail = XCDR (tail))
1312	{	1333	{
1313	Lisp_Object trustfile = XCAR (tail);	1334	Lisp_Object trustfile = XCAR (tail);