From: Nikos Mavrogiannopoulos
Date: Mon, 16 Dec 2013 12:03:24 +0000 (+0100)
Subject: Added configure option --with-default-blacklist-file
X-Git-Tag: gnutls_3_3_0pre0~443
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7eb358428c0487e07199cdb855342f9948d84057;p=thirdparty%2Fgnutls.git

Added configure option --with-default-blacklist-file

This option allows to specify a file containing blacklisted certificates.
---
diff --git a/configure.ac b/configure.ac
index 2074e96fb3..87430804f3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -499,6 +499,10 @@ AC_ARG_WITH([default-crl-file],
 [AS_HELP_STRING([--with-default-crl-file=FILE],
 [use the given CRL file as default])])
+AC_ARG_WITH([default-blacklist-file],
+ [AS_HELP_STRING([--with-default-blacklist-file=FILE],
+ [use the given certificate blacklist file as default])])
+
 if test "x$with_default_trust_store_file" != x; then
 AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_FILE],
 ["$with_default_trust_store_file"], [use the given file default trust store])
@@ -509,6 +513,11 @@ if test "x$with_default_crl_file" != x; then
 ["$with_default_crl_file"], [use the given CRL file])
 fi
+if test "x$with_default_blacklist_file" != x; then
+ AC_DEFINE_UNQUOTED([DEFAULT_BLACKLIST_FILE],
+ ["$with_default_blacklist_file"], [use the given certificate blacklist file])
+fi
+
 dnl Guile bindings.
 opt_guile_bindings=yes
 AC_MSG_CHECKING([whether building Guile bindings])
@@ -792,6 +801,7 @@ AC_MSG_NOTICE([System files:
 Trust store pkcs: $with_default_trust_store_pkcs11
 Trust store file: $with_default_trust_store_file
+ Blacklist file: $with_default_blacklist_file
 CRL file: $with_default_crl_file
 DNSSEC root key file: $unbound_root_key_file
 ])
diff --git a/lib/system.c b/lib/system.c
index 930333c45e..a5a860f464 100644
--- a/lib/system.c
+++ b/lib/system.c
@@ -385,6 +385,13 @@ add_system_trust(gnutls_x509_trust_list_t list,
 r += ret;
 #endif
+#ifdef DEFAULT_BLACKLIST_FILE
+ ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ _gnutls_debug_log("Could not load blacklist file '%s'\n", DEFAULT_BLACKLIST_FILE);
+ }
+#endif
+
 return r;
 }
 #elif defined(_WIN32)
@@ -442,6 +449,13 @@ int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags,
 CertCloseStore(store, 0);
 }
+#ifdef DEFAULT_BLACKLIST_FILE
+ ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ _gnutls_debug_log("Could not load blacklist file '%s'\n", DEFAULT_BLACKLIST_FILE);
+ }
+#endif
+
 return r;
 }
 #elif defined(ANDROID) || defined(__ANDROID__)
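Review bot: A failure to load DEFAULT_BLACKLIST_FILE is reported only through `_gnutls_debug_log`, and add_system_trust still returns `r`, so a missing, unreadable or malformed blacklist leaves every certificate it names in the trust list with no signal in a normal build; the identical block in the `_WIN32` hunk at -442 has the same problem. For a distrust list, failing open silently is the risky default. Either make the failure visible outside debug builds, e.g. `_gnutls_audit_log(NULL, "Could not load blacklist file '%s'\n", DEFAULT_BLACKLIST_FILE);`, or propagate it with `return gnutls_assert_val(ret);` if a configured blacklist is meant to be mandatory. A one-line comment saying which of the two is intended (best-effort or mandatory) would help the next reader. Both function bodies start outside their hunks, so the declaration of `ret` in the `_WIN32` variant is not visible here and should be confirmed.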