["$with_default_trust_store_pkcs11"], [use the given pkcs11 uri as default trust store])
fi
+AC_ARG_WITH([default-trust-store-dir],
+ [AS_HELP_STRING([--with-default-trust-store-dir=DIR],
+ [use the given directory as default trust store])])
+
+if test "x$with_default_trust_store_dir" != x; then
+ AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR],
+ ["$with_default_trust_store_dir"], [use the given directory as default trust store])
+fi
+
dnl auto detect http://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html
AC_ARG_WITH([default-trust-store-file],
[AS_HELP_STRING([--with-default-trust-store-file=FILE],
[use the given file default trust store])], with_default_trust_store_file="$withval",
- [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x;then
+ [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x;then
for i in \
/etc/ssl/ca-bundle.pem \
/etc/ssl/certs/ca-certificates.crt \
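Review bot: The new guard `if test "x$with_default_trust_store_dir" != x` accepts any non-empty value, so `--without-default-trust-store-dir` (value `no`) or the option given without an argument (value `yes`) would define `DEFAULT_TRUST_STORE_DIR` as `"no"` or `"yes"`. That string is later passed to `opendir()` as is, so trust anchors would presumably be looked up in a directory of that name relative to the process's working directory, which the administrator may not control. Inside the `if`, before `AC_DEFINE_UNQUOTED`, reject anything that is not an absolute path, e.g. `AS_CASE(["$with_default_trust_store_dir"], [/*], [], [AC_MSG_ERROR([--with-default-trust-store-dir requires an absolute path])])`. The changed auto-detect condition also expands the variable unquoted inside `test`, so a path containing spaces breaks it; `test "x$with_default_trust_store_dir" = x` is safer.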
AC_MSG_NOTICE([System files:
Trust store pkcs11: $with_default_trust_store_pkcs11
+ Trust store dir: $with_default_trust_store_dir
Trust store file: $with_default_trust_store_file
Blacklist file: $with_default_blacklist_file
CRL file: $with_default_crl_file
return r;
}
-#elif defined(ANDROID) || defined(__ANDROID__)
-#include <dirent.h>
-#include <unistd.h>
-static int load_dir_certs(const char *dirname,
- gnutls_x509_trust_list_t list,
- unsigned int tl_flags, unsigned int tl_vflags,
- unsigned type)
+#elif defined(ANDROID) || defined(__ANDROID__) || defined(DEFAULT_TRUST_STORE_DIR)
+
+# include <dirent.h>
+# include <unistd.h>
+
+# if defined(ANDROID) || defined(__ANDROID__)
+# define DEFAULT_TRUST_STORE_DIR "/system/etc/security/cacerts/"
+
+static int load_revoked_certs(gnutls_x509_trust_list_t list, unsigned type)
{
DIR *dirp;
struct dirent *d;
int r = 0;
char path[GNUTLS_PATH_MAX];
- dirp = opendir(dirname);
+ dirp = opendir("/data/misc/keychain/cacerts-removed/");
if (dirp != NULL) {
do {
d = readdir(dirp);
if (d != NULL && d->d_type == DT_REG) {
- snprintf(path, sizeof(path), "%s/%s",
- dirname, d->d_name);
+ snprintf(path, sizeof(path),
+ "/data/misc/keychain/cacerts-removed/%s",
+ d->d_name);
ret =
- gnutls_x509_trust_list_add_trust_file
- (list, path, NULL, type, tl_flags,
- tl_vflags);
+ gnutls_x509_trust_list_remove_trust_file
+ (list, path, type);
if (ret >= 0)
r += ret;
}
return r;
}
+# endif
-static int load_revoked_certs(gnutls_x509_trust_list_t list, unsigned type)
+static int load_dir_certs(const char *dirname,
+ gnutls_x509_trust_list_t list,
+ unsigned int tl_flags, unsigned int tl_vflags,
+ unsigned type)
{
DIR *dirp;
struct dirent *d;
int r = 0;
char path[GNUTLS_PATH_MAX];
- dirp = opendir("/data/misc/keychain/cacerts-removed/");
+ dirp = opendir(dirname);
if (dirp != NULL) {
do {
d = readdir(dirp);
if (d != NULL && d->d_type == DT_REG) {
- snprintf(path, sizeof(path),
- "/data/misc/keychain/cacerts-removed/%s",
- d->d_name);
+ snprintf(path, sizeof(path), "%s/%s",
+ dirname, d->d_name);
ret =
- gnutls_x509_trust_list_remove_trust_file
- (list, path, type);
+ gnutls_x509_trust_list_add_trust_file
+ (list, path, NULL, type, tl_flags,
+ tl_vflags);
if (ret >= 0)
r += ret;
}
return r;
}
+
/* This works on android 4.x
*/
static
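Review bot: The `d->d_type == DT_REG` filter in `load_dir_certs` was fine for Android's cacerts directory, but with `DEFAULT_TRUST_STORE_DIR` it now runs against arbitrary directories and can silently skip every certificate. Hashed CA directories are commonly populated with symlinks (`DT_LNK`), and some filesystems report `DT_UNKNOWN` for all entries, so the trust list would come back empty and every verification would fail without a diagnostic. Consider `if (d != NULL && (d->d_type == DT_REG || d->d_type == DT_LNK || d->d_type == DT_UNKNOWN))`, and document that the directory must be writable only by the administrator, since every file in it becomes a trust anchor. Separately, the Android branch defines `DEFAULT_TRUST_STORE_DIR` unconditionally, so a value coming from configure would be redefined there; wrapping that define in `# ifndef DEFAULT_TRUST_STORE_DIR` avoids the clash. The loop tail and `closedir` of both functions are not shown in this view, so this covers only the visible lines.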
int r = 0, ret;
ret =
- load_dir_certs("/system/etc/security/cacerts/", list, tl_flags,
+ load_dir_certs(DEFAULT_TRUST_STORE_DIR, list, tl_flags,
tl_vflags, GNUTLS_X509_FMT_PEM);
if (ret >= 0)
r += ret;
+# if defined(ANDROID) || defined(__ANDROID__)
ret = load_revoked_certs(list, GNUTLS_X509_FMT_DER);
if (ret >= 0)
r -= ret;
tl_flags, tl_vflags, GNUTLS_X509_FMT_DER);
if (ret >= 0)
r += ret;
+# endif
return r;
}