gnutls/gnutls-implement-trust-store-dir-3.2.8.diff
Stephan Kulow b35c84d979 Accepting request 222335 from Base:System
- Upgraded to 3.2.11
  ** libgnutls: Tolerate servers that send the SUPPORTED ECC extension.
  ** libgnutls: Reduced the TLS and DTLS version requirements for all
     ciphersuites that are not GCM.
  ** libgnutls: When two initial keywords are specified then treat the
     second as having the '+' modifier.
  ** libgnutls:  When using a PKCS #11 module for verification ensure that
     it has been marked a trusted policy module in p11-kit. Moreover, when an
     empty (i.e., "pkcs11:") URL is specified, then try all trusted modules
     in the system for verification.
     http://p11-glue.freedesktop.org/doc/p11-kit/pkcs11-conf.html
  ** libgnutls: Fixed bug that prevented the rejection of v1 intermediate
     CA certificates. Reported and investigated by Suman Jana.
     CVE-2014-1959 / bnc#863989
  ** certtool: Added the --ask-pass option.
- gnutls-3.2.10-supported-ecc.patch: upstreamed
- gnutls-fix-missing-ipv6.patch: upstreamed

- Upgrade to 3.1.20 (released 2014-01-31)
  ** libgnutls: fixed null pointer dereference when printing a certificate
     DN and an LDAP description isn't present.
  ** libgnutls: gnutls_db_check_entry_time will correctly report the time;
     report and patch by Jonathan Roudiere.
- Upgrade to 3.2.9 (released 2014-01-24)
  ** libgnutls: The %DUMBFW option in priority string only
     appends data to client hello if the expected size is in the
     "black hole" range.
  ** libgnutls: %COMPAT implies %DUMBFW.
  ** libgnutls: gnutls_session_get_desc() returns a more compact
     ciphersuite description.

OBS-URL: https://build.opensuse.org/request/show/222335
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=69
2014-02-19 08:09:49 +00:00


Index: gnutls-3.2.10/configure.ac
===================================================================
--- gnutls-3.2.10.orig/configure.ac
+++ gnutls-3.2.10/configure.ac
@@ -466,6 +466,25 @@ if test "$with_default_trust_store_file"
with_default_trust_store_file=""
fi
+AC_ARG_WITH([default-trust-store-dir],
+ [AS_HELP_STRING([--with-default-trust-store-dir=DIRECTORY],
+ [use the given directory as default trust store])], with_default_trust_store_dir="$withval",
+ [if test "$build" = "$host" ; then
+ for i in \
+ /etc/ssl/certs/
+ do
+ if test -e $i ; then
+ with_default_trust_store_dir="$i"
+ break
+ fi
+ done
+ fi]
+)
+
+if test "$with_default_trust_store_dir" = "no";then
+ with_default_trust_store_dir=""
+fi
+
AC_ARG_WITH([default-crl-file],
[AS_HELP_STRING([--with-default-crl-file=FILE],
[use the given CRL file as default])])
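Review bot: The probe `if test -e $i ; then` in the auto-detection branch accepts any file type and leaves `$i` unquoted, although the value ends up as DEFAULT_TRUST_STORE_DIR and is handed to opendir() in lib/system.c. `if test -d "$i" ; then` states the intent and keeps a non-directory from being compiled in as the trust directory. The detection also makes the compiled-in trust location depend on what exists on the build machine, so the help string could say that packagers who need a fixed result should pass --with-default-trust-store-dir explicitly.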
@@ -479,6 +498,11 @@ if test "x$with_default_trust_store_file
["$with_default_trust_store_file"], [use the given file default trust store])
fi
+if test "x$with_default_trust_store_dir" != x; then
+ AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR],
+ ["$with_default_trust_store_dir"], [use the given directory default trust store])
+fi
+
if test "x$with_default_crl_file" != x; then
AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE],
["$with_default_crl_file"], [use the given CRL file])
@@ -770,6 +794,7 @@ AC_MSG_NOTICE([System files:
Trust store pkcs11: $with_default_trust_store_pkcs11
Trust store file: $with_default_trust_store_file
+ Trust store dir: $with_default_trust_store_dir
Blacklist file: $with_default_blacklist_file
CRL file: $with_default_crl_file
DNSSEC root key file: $unbound_root_key_file
Index: gnutls-3.2.10/lib/system.c
===================================================================
--- gnutls-3.2.10.orig/lib/system.c
+++ gnutls-3.2.10/lib/system.c
@@ -364,7 +364,45 @@ int _gnutls_find_config_path(char *path,
return 0;
}
-#if defined(DEFAULT_TRUST_STORE_FILE) || (defined(DEFAULT_TRUST_STORE_PKCS11) && defined(ENABLE_PKCS11))
+/* Used by both Android code and by Linux TRUST_STORE_DIR /etc/ssl/certs code */
+#if defined(DEFAULT_TRUST_STORE_DIR) || defined(ANDROID) || defined(__ANDROID__)
+# include <dirent.h>
+# include <unistd.h>
+static int load_dir_certs(const char* dirname, gnutls_x509_trust_list_t list,
+ unsigned int tl_flags, unsigned int tl_vflags, unsigned type)
+{
+DIR * dirp;
+struct dirent *d;
+int ret;
+int r = 0;
+char path[GNUTLS_PATH_MAX];
+
+ dirp = opendir(dirname);
+ if (dirp != NULL)
+ {
+ do
+ {
+ d = readdir(dirp);
+ if (d != NULL && d->d_type == DT_REG)
+ {
+ snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name);
+
+ ret = gnutls_x509_trust_list_add_trust_file(list, path, NULL, type, tl_flags, tl_vflags);
+ if (ret >= 0)
+ r += ret;
+ }
+ }
+ while(d != NULL);
+ closedir(dirp);
+ }
+
+ return r;
+}
+#endif
+
+
+#if defined(DEFAULT_TRUST_STORE_FILE) || (defined(DEFAULT_TRUST_STORE_PKCS11) && defined(ENABLE_PKCS11)) || defined(DEFAULT_TRUST_STORE_DIR)
+
static
int
add_system_trust(gnutls_x509_trust_list_t list,
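Review bot: The `d->d_type == DT_REG` filter in load_dir_certs skips every entry that readdir() reports as DT_LNK or DT_UNKNOWN, so a trust directory populated with symlinks, or one on a filesystem that does not fill in d_type, would load zero anchors without any diagnostic. If symlinked entries are meant to be trusted, the type should be decided by stat() on the built path rather than by d_type. The snprintf() result is also unchecked, so an over-long name would be truncated and a different path than the one listed would be opened. The sketch below covers both points and needs <sys/stat.h> next to the two includes this hunk adds. load_dir_certs is complete in this hunk, while add_system_trust only begins at its end.

```c
	struct stat st;
	int n;
	/* … unchanged: other locals, opendir(dirname) and the NULL check … */
		while ((d = readdir(dirp)) != NULL) {
			n = snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name);
			if (n < 0 || (size_t)n >= sizeof(path))
				continue;	/* truncated: never load a path other than the one listed */

			/* d_type may be DT_UNKNOWN or DT_LNK; judge by what the path resolves to */
			if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
				continue;

			/* … unchanged: gnutls_x509_trust_list_add_trust_file() call and r += ret … */
		}
	/* … unchanged: closedir(dirp) and return r … */
```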
@@ -400,6 +438,12 @@ add_system_trust(gnutls_x509_trust_list_
r += ret;
#endif
+# ifdef DEFAULT_TRUST_STORE_DIR
+ ret = load_dir_certs(DEFAULT_TRUST_STORE_DIR, list, tl_flags, tl_vflags, GNUTLS_X509_FMT_PEM);
+ if (ret > 0)
+ r += ret;
+# endif
+
#ifdef DEFAULT_BLACKLIST_FILE
ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM);
if (ret < 0) {
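Review bot: The `if (ret > 0)` test after load_dir_certs() cannot observe a failure, because that helper returns only a count and treats a failed opendir() exactly like an empty directory. When the directory is the only configured store, add_system_trust would presumably report zero anchors with nothing to say why. Consider returning a negative code from the helper when opendir() fails so this site can log it, or at least document the contract here with `/* load_dir_certs never fails: 0 also means the directory could not be opened */`. add_system_trust begins and ends outside this hunk.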
@@ -474,41 +518,6 @@ int add_system_trust(gnutls_x509_trust_l
return r;
}
#elif defined(ANDROID) || defined(__ANDROID__)
-#include <dirent.h>
-#include <unistd.h>
-static int load_dir_certs(const char *dirname,
- gnutls_x509_trust_list_t list,
- unsigned int tl_flags, unsigned int tl_vflags,
- unsigned type)
-{
- DIR *dirp;
- struct dirent *d;
- int ret;
- int r = 0;
- char path[GNUTLS_PATH_MAX];
-
- dirp = opendir(dirname);
- if (dirp != NULL) {
- do {
- d = readdir(dirp);
- if (d != NULL && d->d_type == DT_REG) {
- snprintf(path, sizeof(path), "%s/%s",
- dirname, d->d_name);
-
- ret =
- gnutls_x509_trust_list_add_trust_file
- (list, path, NULL, type, tl_flags,
- tl_vflags);
- if (ret >= 0)
- r += ret;
- }
- }
- while (d != NULL);
- closedir(dirp);
- }
-
- return r;
-}
static int load_revoked_certs(gnutls_x509_trust_list_t list, unsigned type)
{