TW-1855: "Well-known" CA certificates not properly auto-loaded

- Thanks to Flavio Poletti.
2016-12-19 12:16:22 -05:00
parent 2d43cbd2c0
commit a7465d58d7
3 changed files with 10 additions and 0 deletions
--- a/1
+++ b/1
@@ -135,6 +135,7 @@ The following submitted code, packages or analysis, and deserve special thanks:
  Zachary Manning
  jrabbit
  Jelle van der Waa
+  Flavio Poletti

 Thanks to the following, who submitted detailed bug reports and excellent
 suggestions:
--- a/2
+++ b/2
@@ -26,6 +26,8 @@
          (thanks to george js).
 - TW-1820 Install with -DLANGUAGE=2 flag not work.
          (thanks to E. Manuel Cerr'on Angeles)
+- TW-1855 "Well-known" CA certificates not properly auto-loaded
+          (thanks to Flavio Poletti).
 - TW-1857 Change Task::get call to the more efficient Task::has
          (thanks to Zachary Manning).
 - TW-1873 Specify different path to extensions/hooks directory
--- a/src/TLSClient.cpp
+++ b/src/TLSClient.cpp
@@ -150,6 +150,13 @@ void TLSClient::init (
  if (ret < 0)
    throw format ("TLS allocation error. {1}", gnutls_strerror (ret)); // All

+#if GNUTLS_VERSION_NUMBER >= 0x030014
+  // Automatic loading of system installed CA certificates.
+  ret = gnutls_certificate_set_x509_system_trust (_credentials); // 3.0.20
+  if (ret < 0)
+    throw format ("Bad System Trust. {1}", gnutls_strerror (ret)); // All
+#endif
+
  if (_ca != "" &&
      (ret = gnutls_certificate_set_x509_trust_file (_credentials, _ca.c_str (), GNUTLS_X509_FMT_PEM)) < 0) // All
    throw format ("Bad CA file. {1}", gnutls_strerror (ret)); // All