Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
ssl_library=gnutls
oldlibs="$LIBS"
LIBS="$LIBS $GNUTLS_LIBS"
+ AC_CHECK_FUNC(gnutls_certificate_set_x509_system_trust,
+ [AC_DEFINE(HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST, 1)], [])
AC_CHECK_FUNC(gnutls_pkcs12_simple_parse,
[AC_DEFINE(HAVE_GNUTLS_PKCS12_SIMPLE_PARSE, 1)], [])
AC_CHECK_FUNC(gnutls_session_set_premaster,
if (!vpninfo->https_cred) {
gnutls_certificate_allocate_credentials(&vpninfo->https_cred);
+#ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST
+ gnutls_certificate_set_x509_system_trust(vpninfo->https_cred);
+#else
gnutls_certificate_set_x509_trust_file(vpninfo->https_cred,
"/etc/pki/tls/certs/ca-bundle.crt",
GNUTLS_X509_FMT_PEM);
+#endif
gnutls_certificate_set_verify_function (vpninfo->https_cred,
verify_peer);
/* FIXME: Ensure TLSv1.0, no options */