[gnutls-devel] GnuTLS | lib/system/certs.c: Add support for SSL_CERT_DIR, SSL_CERT_FILE (!1541)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Wed Feb 23 08:53:02 CET 2022
Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1541 was reviewed by Daiki Ueno
--
Daiki Ueno started a new discussion on lib/system/certs.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1541#note_852052219
> +
> +# if defined(ANDROID) || defined(__ANDROID__)
> +# define DEFAULT_TRUST_STORE_DIR "/system/etc/security/cacerts/"
What about moving this out of the outer `#if` block:
```c
#if defined(ANDROID) || defined(__ANDROID__)
# define DEFAULT_TRUST_STORE_DIR "/system/etc/security/cacerts/"
#endif
#if defined(DEFAULT_TRUST_STORE_DIR) || defined(DEFAULT_TRUST_STORE_FILE) || \
(defined(DEFAULT_TRUST_STORE_PKCS11) && defined(ENABLE_PKCS11))
...
#endif
```
That way `defined(ANDROID) || defined(__ANDROID__)` is checked at the single place, though `load_revoked_certs` below might need to be conditionalized as well.
--
Daiki Ueno started a new discussion on lib/system/certs.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1541#note_852052246
> - if (ret > 0)
> - r += ret;
> + if (r == 0) {
What is the intention behind this check? Besides the fact that `r` is always 0 here, the following code also has this check, so I wonder if it was to make the trust store implementations (PKCS#11, SSL_CERT_DIR, SSL_CERT_FILE, default trust dir) mutually exclusive. In that case do we need to calculate the sum?
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1541
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220223/be3de4fe/attachment.html>
More information about the Gnutls-devel
mailing list