diff --git a/ChangeLog b/ChangeLog index 50f3d2d4..60426f4f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2010-07-05 Giuseppe Scrivano + + * bootstrap.conf (gnulib_modules): Add `asprintf'. + 2010-06-22 Giuseppe Scrivano * configure.ac: By default use GNU TLS not OpenSSL. diff --git a/bootstrap.conf b/bootstrap.conf index 36778f7c..1692f5c7 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -27,6 +27,7 @@ gnulib_modules=" accept alloca announce-gen +asprintf bind c-ctype close diff --git a/src/ChangeLog b/src/ChangeLog index a062fdfb..21261f49 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,8 @@ +2010-07-05 Giuseppe Scrivano + + * gnutls.c (ssl_init): New local variables `ca_directory' and `dir'. + Load default root certificates under the `ca_directory' directory. + 2010-07-03 Giuseppe Scrivano * gnutls.c (ssl_connect_wget): New local variable `allowed_protocols'. diff --git a/src/gnutls.c b/src/gnutls.c index 3c4c5b4c..adba8560 100644 --- a/src/gnutls.c +++ b/src/gnutls.c @@ -37,6 +37,7 @@ as that of the covered work. */ #endif #include #include +#include #include #include @@ -61,8 +62,42 @@ static gnutls_certificate_credentials credentials; bool ssl_init () { + const char *ca_directory; + DIR *dir; + gnutls_global_init (); gnutls_certificate_allocate_credentials (&credentials); + + ca_directory = opt.ca_directory ? opt.ca_directory : "/etc/ssl/certs"; + + dir = opendir (ca_directory); + if (dir == NULL) + { + if (opt.ca_directory) + logprintf (LOG_NOTQUIET, _("ERROR: Cannot open directory %s.\n"), + opt.ca_directory); + } + else + { + struct dirent *dent; + while ((dent = readdir (dir)) != NULL) + { + struct stat st; + char *ca_file; + asprintf (&ca_file, "%s/%s", ca_directory, dent->d_name); + + stat (ca_file, &st); + + if (S_ISREG (st.st_mode)) + gnutls_certificate_set_x509_trust_file (credentials, ca_file, + GNUTLS_X509_FMT_PEM); + + free (ca_file); + } + + closedir (dir); + } + if (opt.ca_cert) gnutls_certificate_set_x509_trust_file (credentials, opt.ca_cert, GNUTLS_X509_FMT_PEM);