=== modified file 'lisp/net/gnutls.el'
--- lisp/net/gnutls.el 2012-02-12 21:40:25 +0000
+++ lisp/net/gnutls.el 2012-02-13 16:20:13 +0000
@@ -51,6 +51,19 @@
   :type '(choice (const nil) string))
 
+(defcustom gnutls-trustfiles
+  '(
+    "/etc/ssl/certs/ca-certificates.crt" ; Debian, Ubuntu, Gentoo and Arch Linux
+    "/etc/pki/tls/certs/ca-bundle.crt"   ; Fedora and RHEL
+    "/etc/ssl/ca-bundle.pem"             ; Suse
+    )
+  "List of CA bundle location filenames or a function returning said list.
+The files may be in PEM or DER format, as per the GnuTLS documentation.
+The files may not exist, in which case they will be ignored."
+  :group 'gnutls
+  :type '(choice (function :tag "Function to produce list of bundle filenames")
+                 (repeat (file :tag "Bundle filename"))))
+
 ;;;###autoload
 (defcustom gnutls-min-prime-bits nil
   "The minimum number of bits to be used in Diffie-Hellman key exchange.
@@ -118,7 +131,7 @@
 PROCESS is a process returned by `open-network-stream'.
 HOSTNAME is the remote hostname. It must be a valid string.
 PRIORITY-STRING is as per the GnuTLS docs, default is \"NORMAL\".
-TRUSTFILES is a list of CA bundles.
+TRUSTFILES is a list of CA bundles. It defaults to `gnutls-trustfiles'.
 CRLFILES is a list of CRL files.
 KEYLIST is an alist of (client key file, client cert file) pairs.
 MIN-PRIME-BITS is the minimum acceptable size of Diffie-Hellman keys
@@ -156,10 +169,12 @@
 It must be omitted, a number, or nil; if omitted or nil it defaults to
 GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT."
   (let* ((type (or type 'gnutls-x509pki))
-         (default-trustfile "/etc/ssl/certs/ca-certificates.crt")
          (trustfiles (or trustfiles
-                         (when (file-exists-p default-trustfile)
-                           (list default-trustfile))))
+                         (delq nil
+                           (mapcar (lambda (f) (and f (file-exists-p f) f))
+                                   (if (functionp gnutls-trustfiles)
+                                       (funcall gnutls-trustfiles)
+                                       gnutls-trustfiles)))))
          (priority-string (or priority-string
                               (cond
                                ((eq type 'gnutls-anon)
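Review bot: `gnutls-trustfiles` accepts a function value that `gnutls-negotiate` later runs with `funcall`, yet the new defcustom does not mark the variable as risky, so a value supplied through a file-local or directory-local setting would be called on the next TLS connection without the confirmation prompt Emacs uses for risky variables. Emacs auto-classifies only names ending in `-function`, `-hook` and similar as risky, which this name does not match; add `:risky t` to the defcustom (or `(put 'gnutls-trustfiles 'risky-local-variable t)` right after it). On documentation, the docstring says missing files are ignored but not that the whole list may end up empty; a sentence such as `If none of the files exist, no CA bundle is passed to the TLS negotiation.` would make the cost of a wrong path visible to the user.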
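Review bot: The computed default collapses silently to nil when none of the configured bundle paths exist on the host, and the `trustfiles` binding then hands an empty trust list to the rest of the negotiation with no indication to the user; the old single-file default had the same gap, but the commit widens the list without adding the check. Consider a `(message "gnutls.el: no CA bundle found in `gnutls-trustfiles'")` (or `warn`) when the list is nil and `type` is `gnutls-x509pki`, unless the remainder of `gnutls-negotiate`, which lies outside this hunk, already reports it. Separately, `file-exists-p` is true for directories and for files the Emacs process cannot read; since these paths are going to be read as certificate bundles, `(and f (file-readable-p f) f)` is the closer test. The `let*` form continues past the end of the hunk.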