diff options
author | Pierre Ossman <ossman@cendio.se> | 2018-08-16 13:28:37 +0200 |
---|---|---|
committer | Pierre Ossman <ossman@cendio.se> | 2018-08-16 13:28:37 +0200 |
commit | c04f756bd256a1172334db673598eadfc93cd7ff (patch) | |
tree | ec10992f6cd8f96a63f2f894ff78779fa43b3c67 | |
parent | 29b5d84eaac8eb317f31ee51e97e49adc621818a (diff) | |
download | tigervnc-c04f756bd256a1172334db673598eadfc93cd7ff.tar.gz tigervnc-c04f756bd256a1172334db673598eadfc93cd7ff.zip |
Use system certificate trust store
Makes it possible to use certificates from all popular CAs with
TigerVNC.
-rw-r--r-- | common/rfb/CSecurityTLS.cxx | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx index 9a698f03..9eeb76cc 100644 --- a/common/rfb/CSecurityTLS.cxx +++ b/common/rfb/CSecurityTLS.cxx @@ -229,6 +229,9 @@ void CSecurityTLS::setParam() if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS) throw AuthFailureException("gnutls_certificate_allocate_credentials failed"); + if (gnutls_certificate_set_x509_system_trust(cert_cred) != GNUTLS_E_SUCCESS) + vlog.error("Could not load system certificate trust store"); + if (*cafile && gnutls_certificate_set_x509_trust_file(cert_cred,cafile,GNUTLS_X509_FMT_PEM) < 0) throw AuthFailureException("load of CA cert failed"); |