summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPierre Ossman <ossman@cendio.se>2018-08-16 13:28:37 +0200
committerPierre Ossman <ossman@cendio.se>2018-08-16 13:28:37 +0200
commitc04f756bd256a1172334db673598eadfc93cd7ff (patch)
treeec10992f6cd8f96a63f2f894ff78779fa43b3c67
parent29b5d84eaac8eb317f31ee51e97e49adc621818a (diff)
downloadtigervnc-c04f756bd256a1172334db673598eadfc93cd7ff.tar.gz
tigervnc-c04f756bd256a1172334db673598eadfc93cd7ff.zip
Use system certificate trust store
Makes it possible to use certificates from all popular CAs with TigerVNC.
-rw-r--r--common/rfb/CSecurityTLS.cxx3
1 files changed, 3 insertions, 0 deletions
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 9a698f03..9eeb76cc 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -229,6 +229,9 @@ void CSecurityTLS::setParam()
if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_certificate_allocate_credentials failed");
+ if (gnutls_certificate_set_x509_system_trust(cert_cred) != GNUTLS_E_SUCCESS)
+ vlog.error("Could not load system certificate trust store");
+
if (*cafile && gnutls_certificate_set_x509_trust_file(cert_cred,cafile,GNUTLS_X509_FMT_PEM) < 0)
throw AuthFailureException("load of CA cert failed");