From 9a1a5ca0bc2cfb17ccf632de3e134b6d789c6855 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 16 Feb 2017 18:58:27 +0100
Subject: dirmngr: Load all system provided certificates.

* configure.ac: Add option --default-trust-store.
(DEFAULT_TRUST_STORE_FILE): New ac_define.
* dirmngr/certcache.c: Include ksba-io-support.h.
(total_trusted_certificates, total_system_trusted_certificates): New.
(put_cert): Manage the new counters.
(cert_cache_deinit): Reset them.
(cert_cache_print_stats): Print them.
(is_trusted_cert): Add arg WITH_SYSTRUST.  Change all callers to pass
false.
(load_certs_from_file): New.
(load_certs_from_system): New.
(cert_cache_init): Load system certificates.
--

Note that this code does not yet allow to load the system certificates
on Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 configure.ac | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'configure.ac')

diff --git a/configure.ac b/configure.ac
index ce02d037a..1733c5ad7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -990,6 +990,22 @@ else
   fi
 fi
 
+#
+# Allow to set a fixed trust store file for system provided certificates.
+#
+AC_ARG_WITH([default-trust-store-file],
+            [AC_HELP_STRING([--with-default-trust-store-file=FILE],
+                            [Use FILE as system trust store])],
+            default_trust_store_file="$withval",
+            default_trust_store_file="")
+if test x"$default_trust_store_file" = xno;then
+  default_trust_store_file=""
+fi
+if test x"$default_trust_store_file" != x ; then
+  AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_FILE],
+    ["$default_trust_store_file"], [Use as default system trust store file])
+fi
+
 
 AC_MSG_NOTICE([checking for networking options])
 
-- 
cgit v1.2.3