TW-1855: "Well-known" CA certificates not properly auto-loaded

- Thanks to Flavio Poletti.
2025-06-26 10:54:26 +02:00 · 2016-12-19 12:16:22 -05:00 · 2016-12-19 12:16:22 -05:00 · 934f6aeada
commit 934f6aeada
parent 72463f414c
3 changed files with 10 additions and 0 deletions
--- a/1
+++ b/1
@ -135,6 +135,7 @@ The following submitted code, packages or analysis, and deserve special thanks:
  Zachary Manning
  jrabbit
  Jelle van der Waa
+  Flavio Poletti

 Thanks to the following, who submitted detailed bug reports and excellent
 suggestions:
--- a/2
+++ b/2
@ -26,6 +26,8 @@
          (thanks to george js).
 - TW-1820 Install with -DLANGUAGE=2 flag not work.
          (thanks to E. Manuel Cerr'on Angeles)
+- TW-1855 "Well-known" CA certificates not properly auto-loaded
+          (thanks to Flavio Poletti).
 - TW-1857 Change Task::get call to the more efficient Task::has
          (thanks to Zachary Manning).
 - TW-1873 Specify different path to extensions/hooks directory
--- a/src/TLSClient.cpp
+++ b/src/TLSClient.cpp
@ -150,6 +150,13 @@ void TLSClient::init (
  if (ret < 0)
    throw format ("TLS allocation error. {1}", gnutls_strerror (ret)); // All

+#if GNUTLS_VERSION_NUMBER >= 0x030014
+  // Automatic loading of system installed CA certificates.
+  ret = gnutls_certificate_set_x509_system_trust (_credentials); // 3.0.20
+  if (ret < 0)
+    throw format ("Bad System Trust. {1}", gnutls_strerror (ret)); // All
+#endif
+
  if (_ca != "" &&
      (ret = gnutls_certificate_set_x509_trust_file (_credentials, _ca.c_str (), GNUTLS_X509_FMT_PEM)) < 0) // All
    throw format ("Bad CA file. {1}", gnutls_strerror (ret)); // All