From b7fb70c101dd6afff86173f3f5dcb6d99376d11e Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Mon, 13 Feb 2012 14:42:05 +0100
Subject: [PATCH mumble] don't add hardcoded CA's if NO_SYSTEM_CA_OVERRIDE is
 defined

actually mumble better should never add hardcoded CA certificates,
you never know which one is next to be shut down
---
 src/SSL.cpp |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/src/SSL.cpp b/src/SSL.cpp
index ab9f0c8..40aaf13 100644
--- a/src/SSL.cpp
+++ b/src/SSL.cpp
@@ -36,6 +36,7 @@
 
 /* CAs we recommend to end users, so support these */
 
+#if QT_VERSION < 0x040700 && !defined(NO_SYSTEM_CA_OVERRIDE)
 static const char *recommended_cas[] = {
 	/* StartSSL */
 	"-----BEGIN CERTIFICATE-----\n"
@@ -143,6 +144,7 @@ static const char *recommended_cas[] = {
 
 
 };
+#endif // NO_SYSTEM_CA_OVERRIDE
 
 
 void MumbleSSL::addSystemCA() {
@@ -252,7 +254,6 @@ void MumbleSSL::addSystemCA() {
 		}
 	}
 	QSslSocket::setDefaultCaCertificates(ql);
-#endif // NO_SYSTEM_CA_OVERRIDE
 
 	for (unsigned int i=0;i<sizeof(recommended_cas)/sizeof(recommended_cas[0]);++i) {
 		QSslCertificate cert(recommended_cas[i]);
@@ -261,4 +262,5 @@ void MumbleSSL::addSystemCA() {
 			QSslSocket::addDefaultCaCertificates(QList<QSslCertificate>() << cert);
 		}
 	}
+#endif // NO_SYSTEM_CA_OVERRIDE
 }
-- 
1.7.7