[glib-networking/tls] gnutls: implement GTlsConnection:use-system-certdb



commit b29e8fc5023765c8b962049fde664fa9b0f2773b
Author: Dan Winship <danw gnome org>
Date:   Wed Dec 1 13:59:21 2010 -0500

    gnutls: implement GTlsConnection:use-system-certdb

 tls/gnutls/gtlsconnection-gnutls.c |   28 ++++++++++++++++++++++------
 1 files changed, 22 insertions(+), 6 deletions(-)
---
diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c
index 96b8a85..f7382c2 100644
--- a/tls/gnutls/gtlsconnection-gnutls.c
+++ b/tls/gnutls/gtlsconnection-gnutls.c
@@ -92,7 +92,8 @@ enum
   PROP_0,
   PROP_BASE_IO_STREAM,
   PROP_REQUIRE_CLOSE_NOTIFY,
-  PROP_REHANDSHAKE_MODE
+  PROP_REHANDSHAKE_MODE,
+  PROP_USE_SYSTEM_CERTDB
 };
 
 struct _GTlsConnectionGnutlsPrivate
@@ -106,6 +107,7 @@ struct _GTlsConnectionGnutlsPrivate
   gnutls_session session;
   gboolean require_close_notify;
   GTlsRehandshakeMode rehandshake_mode;
+  gboolean use_system_certdb;
   gboolean need_handshake, handshaking, ever_handshaked;
   gboolean closing;
 
@@ -144,6 +146,7 @@ g_tls_connection_gnutls_class_init (GTlsConnectionGnutlsClass *klass)
   g_object_class_override_property (gobject_class, PROP_BASE_IO_STREAM, "base-io-stream");
   g_object_class_override_property (gobject_class, PROP_REQUIRE_CLOSE_NOTIFY, "require-close-notify");
   g_object_class_override_property (gobject_class, PROP_REHANDSHAKE_MODE, "rehandshake-mode");
+  g_object_class_override_property (gobject_class, PROP_USE_SYSTEM_CERTDB, "use-system-certdb");
 }
 
 static void
@@ -171,8 +174,6 @@ g_tls_connection_gnutls_initable_init (GInitable     *initable,
 {
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable);
   gboolean client, use_ssl3 = FALSE;
-  gnutls_x509_crt_t *cas;
-  int num_cas;
   int status;
 
   g_return_val_if_fail (gnutls->priv->base_istream != NULL &&
@@ -205,9 +206,6 @@ g_tls_connection_gnutls_initable_init (GInitable     *initable,
       return FALSE;
     }
 
-  g_tls_backend_gnutls_get_system_ca_list_gnutls (&cas, &num_cas);
-  gnutls_certificate_set_x509_trust (gnutls->priv->creds, cas, num_cas);
-
   status = gnutls_credentials_set (gnutls->priv->session,
 				   GNUTLS_CRD_CERTIFICATE,
 				   gnutls->priv->creds);
@@ -278,6 +276,10 @@ g_tls_connection_gnutls_get_property (GObject    *object,
       g_value_set_enum (value, gnutls->priv->rehandshake_mode);
       break;
 
+    case PROP_USE_SYSTEM_CERTDB:
+      g_value_set_boolean (value, gnutls->priv->use_system_certdb);
+      break;
+
     default:
       G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
     }
@@ -325,6 +327,20 @@ g_tls_connection_gnutls_set_property (GObject      *object,
       gnutls->priv->rehandshake_mode = g_value_get_enum (value);
       break;
 
+    case PROP_USE_SYSTEM_CERTDB:
+      gnutls->priv->use_system_certdb = g_value_get_boolean (value);
+
+      gnutls_certificate_free_cas (gnutls->priv->creds);
+      if (gnutls->priv->use_system_certdb)
+	{
+	  gnutls_x509_crt_t *cas;
+	  int num_cas;
+
+	  g_tls_backend_gnutls_get_system_ca_list_gnutls (&cas, &num_cas);
+	  gnutls_certificate_set_x509_trust (gnutls->priv->creds, cas, num_cas);
+	}
+      break;
+
     default:
       G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
     }
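Review bot: The new `PROP_USE_SYSTEM_CERTDB` case discards the result of `gnutls_certificate_set_x509_trust ()`, which returns a negative error code on failure, so a failed load leaves `creds` with no trust anchors while the property still reads back TRUE. That outcome should fail closed (peer verification finds no issuer), but it is silent; checking the result, e.g. `if (gnutls_certificate_set_x509_trust (gnutls->priv->creds, cas, num_cas) < 0) g_warning ("could not load system CA list");`, would make it diagnosable. Because the load was removed from `g_tls_connection_gnutls_initable_init ()`, the anchors are now installed only when this setter runs, which presumably relies on the interface declaring the property as construct-time with a suitable default (not visible here); a comment such as `/* Trust anchors are (re)loaded here, not in initable_init(); relies on the property being set at construction. */` would record that. The setter also calls `gnutls_certificate_free_cas ()` unconditionally, so it is worth confirming that `creds` is already allocated when properties are first set and that swapping the trust list after a handshake is intended. The body of `g_tls_connection_gnutls_set_property ()` starts and ends outside the hunk.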


