TLS

- Connected code paths to use CA or trust.

src/TLSClient.cpp

@@ -156,17 +156,19 @@ void TLSClient::trust (bool value)
 
 ////////////////////////////////////////////////////////////////////////////////
 void TLSClient::init (
+  const std::string& ca,
   const std::string& cert,
   const std::string& key)
 {
+  _ca   = ca;
   _cert = cert;
   _key  = key;
 
   gnutls_global_init ();
   gnutls_certificate_allocate_credentials (&_credentials);
 
-  if (_cert != "" &&
+  if (_ca != "" &&
-      gnutls_certificate_set_x509_trust_file (_credentials, _cert.c_str (), GNUTLS_X509_FMT_PEM) < 0)
+      gnutls_certificate_set_x509_trust_file (_credentials, _ca.c_str (), GNUTLS_X509_FMT_PEM) < 0)
     throw std::string ("Missing CA file.");
 
   if (_cert != "" &&

src/TLSClient.h

@@ -40,7 +40,7 @@ public:
   void limit (int);
   void debug (int);
   void trust (bool);
-  void init (const std::string&, const std::string&);
+  void init (const std::string&, const std::string&, const std::string&);
   void connect (const std::string&, const std::string&);
   void bye ();
 

src/commands/CmdSync.cpp

@@ -344,11 +344,8 @@ bool CmdSync::send (
     TLSClient client;
     client.debug (context.config.getInteger ("debug.tls"));
 
-    // TODO Either use 'ca' or 'trust', but not both.
+    client.trust (trust);
-    if (trust && ca == "")
+    client.init (ca, certificate, key);
-      client.trust (trust);
-
-    client.init (certificate, key);
     client.connect (server, port);
     client.send (request.serialize () + "\n");