TW-1855: "Well-known" CA certificates not properly auto-loaded

- Thanks to Flavio Poletti.

AUTHORS

@@ -135,6 +135,7 @@ The following submitted code, packages or analysis, and deserve special thanks:
   Zachary Manning
   jrabbit
   Jelle van der Waa
+  Flavio Poletti
 
 Thanks to the following, who submitted detailed bug reports and excellent
 suggestions:

ChangeLog

@@ -26,6 +26,8 @@
           (thanks to george js).
 - TW-1820 Install with -DLANGUAGE=2 flag not work.
           (thanks to E. Manuel Cerr'on Angeles)
+- TW-1855 "Well-known" CA certificates not properly auto-loaded
+          (thanks to Flavio Poletti).
 - TW-1857 Change Task::get call to the more efficient Task::has
           (thanks to Zachary Manning).
 - TW-1873 Specify different path to extensions/hooks directory

src/TLSClient.cpp

@@ -150,6 +150,13 @@ void TLSClient::init (
   if (ret < 0)
     throw format ("TLS allocation error. {1}", gnutls_strerror (ret)); // All
 
+#if GNUTLS_VERSION_NUMBER >= 0x030014
+  // Automatic loading of system installed CA certificates.
+  ret = gnutls_certificate_set_x509_system_trust (_credentials); // 3.0.20
+  if (ret < 0)
+    throw format ("Bad System Trust. {1}", gnutls_strerror (ret)); // All
+#endif
+
   if (_ca != "" &&
       (ret = gnutls_certificate_set_x509_trust_file (_credentials, _ca.c_str (), GNUTLS_X509_FMT_PEM)) < 0) // All
     throw format ("Bad CA file. {1}", gnutls_strerror (ret)); // All