Use system certificate trust store Makes it possible to use certificates from all popular CAs with TigerVNC.

commit: c04f756bd256a1172334db673598eadfc93cd7ff [log] [tgz]
author: Pierre Ossman <ossman@cendio.se> Thu Aug 16 13:28:37 2018 +0200
committer: Pierre Ossman <ossman@cendio.se> Thu Aug 16 13:28:37 2018 +0200
tree: ec10992f6cd8f96a63f2f894ff78779fa43b3c67
parent: 29b5d84eaac8eb317f31ee51e97e49adc621818a [diff] [blame]
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 9a698f0..9eeb76c 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx

@@ -229,6 +229,9 @@
     if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS)
       throw AuthFailureException("gnutls_certificate_allocate_credentials failed");
 
+    if (gnutls_certificate_set_x509_system_trust(cert_cred) != GNUTLS_E_SUCCESS)
+      vlog.error("Could not load system certificate trust store");
+
     if (*cafile && gnutls_certificate_set_x509_trust_file(cert_cred,cafile,GNUTLS_X509_FMT_PEM) < 0)
       throw AuthFailureException("load of CA cert failed");
commit	c04f756bd256a1172334db673598eadfc93cd7ff	[log] [tgz]
author	Pierre Ossman <ossman@cendio.se>	Thu Aug 16 13:28:37 2018 +0200
committer	Pierre Ossman <ossman@cendio.se>	Thu Aug 16 13:28:37 2018 +0200
tree	ec10992f6cd8f96a63f2f894ff78779fa43b3c67
parent	29b5d84eaac8eb317f31ee51e97e49adc621818a [diff] [blame]