gnutls/gnutls-implement-trust-store-dir.diff

Index: gnutls-3.2.3/configure.ac
===================================================================
--- gnutls-3.2.3.orig/configure.ac
+++ gnutls-3.2.3/configure.ac
@@ -418,6 +418,25 @@ if test "$with_default_trust_store_file"
   with_default_trust_store_file=""
 fi
 
+AC_ARG_WITH([default-trust-store-dir],
+  [AS_HELP_STRING([--with-default-trust-store-dir=DIRECTORY],
+    [use the given directory as default trust store])], with_default_trust_store_dir="$withval",
+  [if test "$build" = "$host" ; then
+  for i in \
+    /etc/ssl/certs/
+    do
+    if test -e $i ; then
+      with_default_trust_store_dir="$i"
+      break
+    fi
+  done
+  fi]
+)
+
+if test "$with_default_trust_store_dir" = "no";then
+  with_default_trust_store_dir=""
+fi
+
 AC_ARG_WITH([default-crl-file],
   [AS_HELP_STRING([--with-default-crl-file=FILE],
     [use the given CRL file as default])])
@@ -427,6 +446,11 @@ if test "x$with_default_trust_store_file
     ["$with_default_trust_store_file"], [use the given file default trust store])
 fi
 
+if test "x$with_default_trust_store_dir" != x; then
+  AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR],
+    ["$with_default_trust_store_dir"], [use the given directory default trust store])
+fi
+
 if test "x$with_default_crl_file" != x; then
   AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE],
     ["$with_default_crl_file"], [use the given CRL file])
@@ -704,6 +728,7 @@ AC_MSG_NOTICE([System files:
 
   Trust store pkcs:     $with_default_trust_store_pkcs11
   Trust store file:     $with_default_trust_store_file
+  Trust store dir:      $with_default_trust_store_dir
   CRL file:             $with_default_crl_file
   DNSSEC root key file: $unbound_root_key_file
 ])
Index: gnutls-3.2.3/lib/system.c
===================================================================
--- gnutls-3.2.3.orig/lib/system.c
+++ gnutls-3.2.3/lib/system.c
@@ -385,7 +385,45 @@ const char *home_dir = getenv ("HOME");
   return 0;
 }
 
-#if defined(DEFAULT_TRUST_STORE_FILE) || (defined(DEFAULT_TRUST_STORE_PKCS11) && defined(ENABLE_PKCS11))
+/* Used by both Android code and by Linux TRUST_STORE_DIR /etc/ssl/certs code */
+#if defined(DEFAULT_TRUST_STORE_DIR) || defined(ANDROID) || defined(__ANDROID__)
+# include <dirent.h>
+# include <unistd.h>
+static int load_dir_certs(const char* dirname, gnutls_x509_trust_list_t list, 
+	unsigned int tl_flags, unsigned int tl_vflags, unsigned type)
+{
+DIR * dirp;
+struct dirent *d;
+int ret;
+int r = 0;
+char path[GNUTLS_PATH_MAX];
+
+  dirp = opendir(dirname);
+  if (dirp != NULL) 
+    {
+      do
+        {
+      	  d = readdir(dirp);
+      	  if (d != NULL && d->d_type == DT_REG) 
+      	    {
+      	  	snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name);
+
+                ret = gnutls_x509_trust_list_add_trust_file(list, path, NULL, type, tl_flags, tl_vflags);
+                if (ret >= 0)
+                  r += ret;
+      	    }
+      	}
+      while(d != NULL);
+      closedir(dirp);
+    }
+    
+  return r;
+}
+#endif
+
+
+#if defined(DEFAULT_TRUST_STORE_FILE) || (defined(DEFAULT_TRUST_STORE_PKCS11) && defined(ENABLE_PKCS11)) || defined(DEFAULT_TRUST_STORE_DIR)
+
 static
 int
 add_system_trust(gnutls_x509_trust_list_t list,
@@ -413,6 +451,12 @@ add_system_trust(gnutls_x509_trust_list_
     r += ret;
 # endif
 
+# ifdef DEFAULT_TRUST_STORE_DIR
+  ret = load_dir_certs(DEFAULT_TRUST_STORE_DIR, list, tl_flags, tl_vflags, GNUTLS_X509_FMT_PEM);
+  if (ret > 0)
+    r += ret;
+# endif
+
   return r;
 }
 #elif defined(_WIN32)
@@ -466,39 +510,6 @@ int add_system_trust(gnutls_x509_trust_l
   return r;
 }
 #elif defined(ANDROID) || defined(__ANDROID__)
-# include <dirent.h>
-# include <unistd.h>
-static int load_dir_certs(const char* dirname, gnutls_x509_trust_list_t list, 
-	unsigned int tl_flags, unsigned int tl_vflags, unsigned type)
-{
-DIR * dirp;
-struct dirent *d;
-int ret;
-int r = 0;
-char path[GNUTLS_PATH_MAX];
-
-  dirp = opendir(dirname);
-  if (dirp != NULL) 
-    {
-      do
-        {
-      	  d = readdir(dirp);
-      	  if (d != NULL && d->d_type == DT_REG) 
-      	    {
-      	  	snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name);
-
-                ret = gnutls_x509_trust_list_add_trust_file(list, path, NULL, type, tl_flags, tl_vflags);
-                if (ret >= 0)
-                  r += ret;
-      	    }
-      	}
-      while(d != NULL);
-      closedir(dirp);
-    }
-    
-  return r;
-}
-
 static int load_revoked_certs(gnutls_x509_trust_list_t list, unsigned type)
 {
 DIR * dirp;