=== modified file 'lisp/net/gnutls.el' --- lisp/net/gnutls.el 2012-02-12 21:40:25 +0000 +++ lisp/net/gnutls.el 2012-02-12 22:11:53 +0000 @@ -51,6 +51,22 @@ :type '(choice (const nil) string)) +(defcustom gnutls-trustfiles '( + ;; Debian, Ubuntu, Gentoo and Arch Linux + "/etc/ssl/certs/ca-certificates.crt" + ;; Fedora and RHEL + "/etc/pki/tls/certs/ca-bundle.crt" + ;; Suse + "/etc/ssl/ca-bundle.pem" + ) + "List of functions or filenames yielding CA bundle locations. +The files may be in PEM or DER format, as per the GnuTLS documentation. +The files may not exist, in which case they will be ignored. +Functions will be called and may return a filename or a list of filenames." + :group 'gnutls + :type '(repeat (choice (function :tag "Function") + (file :tag "Bundle filename")))) + ;;;###autoload (defcustom gnutls-min-prime-bits nil "The minimum number of bits to be used in Diffie-Hellman key exchange. @@ -156,10 +172,14 @@ It must be omitted, a number, or nil; if omitted or nil it defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT." (let* ((type (or type 'gnutls-x509pki)) - (default-trustfile "/etc/ssl/certs/ca-certificates.crt") (trustfiles (or trustfiles - (when (file-exists-p default-trustfile) - (list default-trustfile)))) + (delq nil + (mapcar (lambda (f) (and f (file-exists-p f) f)) + (gnutls-flatten-list + (mapcar (lambda (tf) (if (functionp tf) + (funcall tf) + tf)) + gnutls-trustfiles)))))) (priority-string (or priority-string (cond ((eq type 'gnutls-anon) @@ -203,6 +223,17 @@ doit (gnutls-error-string doit) (apply 'format format (or params '(nil)))))) +;; copied from `eshell-flatten-list' +(defun gnutls-flatten-list (args) + "Flatten any lists within ARGS, so that there are no sublists." + (let ((new-list (list t))) + (dolist (a args) + (if (and (listp a) + (listp (cdr a))) + (nconc new-list (eshell-flatten-list a)) + (nconc new-list (list a)))) + (cdr new-list))) + (provide 'gnutls) ;;; gnutls.el ends here
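Review bot: The `gnutls-trustfiles` defcustom is not marked as a risky local variable, although its entries may be functions that get called and its value decides which CA bundles are trusted for certificate verification. Adding `(put 'gnutls-trustfiles 'risky-local-variable t)` after the form is cheap hardening against the value being accepted from a file- or directory-local setting. The docstring sentence "The files may not exist, in which case they will be ignored" is clearer as "Files that do not exist are ignored". It should also say that every existing file in the list is kept, as the `delq`/`mapcar` in the second hunk does, so a host with several bundles trusts the union of them.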
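Review bot: The value returned by `(funcall tf)` reaches `file-exists-p` with no type check, so a trustfile function that returns anything other than a string, a list of strings or nil signals `wrong-type-argument` in the added `mapcar` during connection setup. Filter on type as well: `(lambda (f) (and (stringp f) (file-exists-p f) f))`. When none of the candidates exists, `trustfiles` ends up nil, as it could before this change. The rest of the enclosing function lies outside the hunk, so it is not visible whether that case is reported; a message there would keep a missing CA bundle from going unnoticed.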
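Review bot: The recursive call inside the new `gnutls-flatten-list` still names `eshell-flatten-list`, so the copy depends on a function this file neither defines nor requires. That branch is taken for any list element, and also for a nil element because `(listp nil)` is true. The default string-only value never reaches it, but a trustfile function returning a list or nil would presumably fail with `void-function` unless Eshell's utilities happen to be loaded. Change the line to `(nconc new-list (gnutls-flatten-list a))`.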