author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2013-12-16 13:03:24 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2013-12-16 13:03:27 +0100 |
commit | 7eb358428c0487e07199cdb855342f9948d84057 (patch) | |
tree | b54d8883d4f7956e74f5b7d2f264ac28b7f8e465 | |
parent | 8aa1da17e0b3664412e74a928f52236e646634c7 (diff) | |
download | gnutls-7eb358428c0487e07199cdb855342f9948d84057.tar.gz |
Added configure option --with-default-blacklist-file
This option allows specifying a file containing blacklisted certificates.
-rw-r--r-- | configure.ac | 10 | ||||
-rw-r--r-- | lib/system.c | 14 |
2 files changed, 24 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 2074e96fb3..87430804f3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -499,6 +499,10 @@ AC_ARG_WITH([default-crl-file],
 [AS_HELP_STRING([--with-default-crl-file=FILE],
 [use the given CRL file as default])])
+AC_ARG_WITH([default-blacklist-file],
+ [AS_HELP_STRING([--with-default-blacklist-file=FILE],
+ [use the given certificate blacklist file as default])])
+
 if test "x$with_default_trust_store_file" != x; then
 AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_FILE],
 ["$with_default_trust_store_file"], [use the given file default trust store])
@@ -509,6 +513,11 @@ if test "x$with_default_crl_file" != x; then
 ["$with_default_crl_file"], [use the given CRL file])
 fi
+if test "x$with_default_blacklist_file" != x; then
+ AC_DEFINE_UNQUOTED([DEFAULT_BLACKLIST_FILE],
+ ["$with_default_blacklist_file"], [use the given certificate blacklist file])
+fi
+
 dnl Guile bindings.
 opt_guile_bindings=yes
 AC_MSG_CHECKING([whether building Guile bindings])
@@ -792,6 +801,7 @@ AC_MSG_NOTICE([System files:
 Trust store pkcs: $with_default_trust_store_pkcs11
 Trust store file: $with_default_trust_store_file
+ Blacklist file: $with_default_blacklist_file
 CRL file: $with_default_crl_file
 DNSSEC root key file: $unbound_root_key_file
 ])
diff --git a/lib/system.c b/lib/system.c
index 930333c45e..a5a860f464 100644
--- a/lib/system.c
+++ b/lib/system.c
@@ -385,6 +385,13 @@ add_system_trust(gnutls_x509_trust_list_t list,
 r += ret;
 #endif
+#ifdef DEFAULT_BLACKLIST_FILE
+ ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ _gnutls_debug_log("Could not load blacklist file '%s'\n", DEFAULT_BLACKLIST_FILE);
+ }
+#endif
+
 return r;
 }
 #elif defined(_WIN32)
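Review bot: The test added in the configure.ac hunk at -509 treats any non-empty value as a path, so `--without-default-blacklist-file` (value `no`) or a bare `--with-default-blacklist-file` (value `yes`) would define DEFAULT_BLACKLIST_FILE as the literal string "no" or "yes". lib/system.c in this commit then passes that string to gnutls_x509_trust_list_remove_trust_file(), presumably resolved against the process's working directory. I would guard it as `if test "x$with_default_blacklist_file" != x && test "x$with_default_blacklist_file" != xno && test "x$with_default_blacklist_file" != xyes; then`. The neighbouring trust-store and CRL checks visible as context follow the same pattern. The help string in the hunk at -499 could also state that FILE is read as PEM and should be an absolute path.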
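Review bot: A configured blacklist that cannot be read is handled as if no blacklist existed: in the block added before `return r;` in the lib/system.c hunk at -385, a negative return from gnutls_x509_trust_list_remove_trust_file() is reported only through `_gnutls_debug_log` and add_system_trust() still returns `r`, so the certificates meant to be distrusted stay in the list. The identical block in the _WIN32 variant (hunk at -442) has the same behaviour. If the blacklist is meant to be enforced, propagate the failure with `if (ret < 0) return gnutls_assert_val(ret);`. If it is deliberately best-effort, document that with a comment such as `/* best-effort: an unreadable blacklist leaves the system trust unchanged */` and consider a log level that is visible without debug logging. The function body starts outside the hunk, so the declaration of `ret` and the meaning callers give to `r` should be checked there.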
@@ -442,6 +449,13 @@ int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags,
 CertCloseStore(store, 0);
 }
+#ifdef DEFAULT_BLACKLIST_FILE
+ ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM);
+ if (ret < 0) {
+ _gnutls_debug_log("Could not load blacklist file '%s'\n", DEFAULT_BLACKLIST_FILE);
+ }
+#endif
+
 return r;
 }
 #elif defined(ANDROID) || defined(__ANDROID__) |
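Review bot: The blacklist is applied only in the two add_system_trust() variants this commit touches. The variant that begins right after this hunk at `#elif defined(ANDROID) || defined(__ANDROID__)` gets no such block in this diff, so a build configured with --with-default-blacklist-file would presumably keep blacklisted certificates trusted there; its body is outside the hunk, so this needs confirming. Moving the `#ifdef DEFAULT_BLACKLIST_FILE` block into one static helper, called by every variant just before `return r;`, would remove the duplication and keep the platforms consistent.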