-rw-r--r--src/ChangeLog13
-rw-r--r--src/gnutls.c21
2 files changed, 34 insertions, 0 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index 12fe16ddab3..fd56186105b 100644
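--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,16 @@
+2014-12-14 Eli Zaretskii <eliz@gnu.org>
+
+ Load system's default trusted Certificate Authorities if available.
+ * gnutls.c (gnutls_certificate_set_x509_system_trust)
+ [GNUTLS >= 3.0.20]: Declare for WINDOWSNT.
+ (init_gnutls_functions)(gnutls_certificate_set_x509_system_trust)
+ [GNUTLS >= 3.0.20]: Load from shared library for WINDOWSNT.
+ (fn_gnutls_certificate_set_x509_system_trust) [!WINDOWSNT]: Define
+ new macro.
+ (Fgnutls_boot) [GNUTLS >= 3.0.20]: Call
+ gnutls_certificate_set_x509_system_trust. Log an error message if
+ it fails.
+
 2014-12-13 Paul Eggert <eggert@cs.ucla.edu>
 
  * alloc.c (XMALLOC_BASE_ALIGNMENT): Use max_align_t instead of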
diff --git a/src/gnutls.c b/src/gnutls.c
index ad4d9974ed7..1feb7e18221 100644
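--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -103,6 +103,11 @@ DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_crl_file,
 DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_key_file,
  (gnutls_certificate_credentials_t, const char *, const char *,
  gnutls_x509_crt_fmt_t));
+#if GNUTLS_VERSION_MAJOR + \
+ (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_system_trust,
+ (gnutls_certificate_credentials_t));
+#endif
 DEF_GNUTLS_FN (int, gnutls_certificate_set_x509_trust_file,
  (gnutls_certificate_credentials_t, const char *,
  gnutls_x509_crt_fmt_t));
@@ -227,6 +232,10 @@ init_gnutls_functions (void)
  LOAD_GNUTLS_FN (library, gnutls_certificate_set_verify_flags);
  LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_crl_file);
  LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_key_file);
+#if GNUTLS_VERSION_MAJOR + \
+ (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+ LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_system_trust);
+#endif
  LOAD_GNUTLS_FN (library, gnutls_certificate_set_x509_trust_file);
  LOAD_GNUTLS_FN (library, gnutls_certificate_type_get);
  LOAD_GNUTLS_FN (library, gnutls_certificate_verify_peers2);
@@ -314,6 +323,10 @@ init_gnutls_functions (void)
 #define fn_gnutls_certificate_set_verify_flags gnutls_certificate_set_verify_flags
 #define fn_gnutls_certificate_set_x509_crl_file gnutls_certificate_set_x509_crl_file
 #define fn_gnutls_certificate_set_x509_key_file gnutls_certificate_set_x509_key_file
+#if GNUTLS_VERSION_MAJOR + \
+ (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+#define fn_gnutls_certificate_set_x509_system_trust gnutls_certificate_set_x509_system_trust
+#endif
 #define fn_gnutls_certificate_set_x509_trust_file gnutls_certificate_set_x509_trust_file
 #define fn_gnutls_certificate_type_get gnutls_certificate_type_get
 #define fn_gnutls_certificate_verify_peers2 gnutls_certificate_verify_peers2
@@ -1308,6 +1321,14 @@ one trustfile (usually a CA bundle). */)
  int file_format = GNUTLS_X509_FMT_PEM;
  Lisp_Object tail;
 
+#if GNUTLS_VERSION_MAJOR + \
+ (GNUTLS_VERSION_MINOR > 0 || GNUTLS_VERSION_PATCH >= 20) > 3
+ ret = fn_gnutls_certificate_set_x509_system_trust (x509_cred);
+ if (ret < GNUTLS_E_SUCCESS)
+ GNUTLS_LOG2i (4, max_log_level,
+ "setting system trust failed with code ", ret);
+#endif
+
  for (tail = trustfiles; CONSP (tail); tail = XCDR (tail))
  {
  Lisp_Object trustfile = XCAR (tail);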
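Review bot: In the last hunk the system trust store is loaded unconditionally before the `trustfiles` loop, so a caller that passes its own CA bundle to restrict which issuers are accepted now gets the union of that bundle and every system CA. If that widening is intended, state it at the call and in the docstring, e.g. `/* System CAs are always added; trustfiles extend this set, they do not replace it.  */`; if it is not, guard the call with `if (NILP (trustfiles))`. A failure is only logged at level 4 and boot continues, which is safe only if later verification rejects peers when no anchors were loaded, and that code is outside this hunk. The version test `GNUTLS_VERSION_MAJOR + (...) > 3` is repeated in all four hunks and is hard to read; defining one feature macro near the top of the file and testing that would keep the four sites in step. The enclosing function starts and ends outside the hunk.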