summaryrefslogtreecommitdiff
path: root/lib/system.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/system.c')
-rw-r--r--lib/system.c52
1 files changed, 52 insertions, 0 deletions
diff --git a/lib/system.c b/lib/system.c
index 616c59159a..2873930178 100644
--- a/lib/system.c
+++ b/lib/system.c
@@ -434,6 +434,54 @@ int add_win32_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags,
}
#endif
+#ifdef ANDROID
+# include <dirent.h>
+
+static int load_dir_certs(const char* dirname, gnutls_x509_trust_list_t list, unsigned int tl_flags, unsigned int tl_vflags)
+{
+DIR * dirp;
+struct dirent *d;
+int ret;
+int r = 0;
+
+ dirp = opendir(dirname);
+ if (dirp != NULL)
+ {
+ do
+ {
+ d = readdir(dirp);
+ if (d != NULL && d->d_type == DT_REG) {
+ ret = gnutls_x509_trust_list_add_trust_file(list, d->d_name, NULL, GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags);
+ if (ret >= 0)
+ r += ret;
+ }
+ }
+ while(d != NULL);
+ closedir(dirp);
+ }
+
+ return r;
+}
+
+/* This works on android 4.x
+ */
+static
+int add_android_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags, unsigned int tl_vflags)
+{
+ int r = 0, ret;
+
+ ret = load_dir_certs("/system/etc/security/cacerts/", list, tl_flags, tl_vflags);
+ if (ret >= 0)
+ r += ret;
+
+ ret = load_dir_certs("/data/misc/keychain/cacerts-added/", list, tl_flags, tl_vflags);
+ if (ret >= 0)
+ r += ret;
+
+ return r;
+}
+#endif
+
/**
* gnutls_x509_trust_list_add_system_trust:
* @list: The structure of the list
@@ -478,6 +526,10 @@ gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
ret = add_win32_system_trust(list, tl_flags, tl_vflags);
if (ret > 0)
r += ret;
+#elif defined(ANDROID)
+ ret = add_android_system_trust(list, tl_flags, tl_vflags);
+ if (ret > 0)
+ r += ret;
#elif !defined(DEFAULT_TRUST_STORE_PKCS11) && !defined(DEFAULT_TRUST_STORE_FILE)
r = GNUTLS_E_UNIMPLEMENTED_FEATURE;
#endif