dirmngr: Load all system provided certificates.

* configure.ac: Add option --default-trust-store.
(DEFAULT_TRUST_STORE_FILE): New ac_define.
* dirmngr/certcache.c: Include ksba-io-support.h.
(total_trusted_certificates, total_system_trusted_certificates): New.
(put_cert): Manage the new counters.
(cert_cache_deinit): Reset them.
(cert_cache_print_stats): Print them.
(is_trusted_cert): Add arg WITH_SYSTRUST.  Change all callers to pass
false.
(load_certs_from_file): New.
(load_certs_from_system): New.
(cert_cache_init): Load system certificates.
--

Note that this code does not yet allow to load the system certificates
on Windows.

Signed-off-by: Werner Koch <[email protected]>

1 files changed, 4 insertions, 3 deletions

diff --git a/dirmngr/certcache.h b/dirmngr/certcache.h
index 9986f15c0..ac93ee699 100644
--- a/dirmngr/certcache.h
+++ b/dirmngr/certcache.h
@@ -41,9 +41,10 @@ gpg_error_t cache_cert (ksba_cert_t cert);
 gpg_error_t cache_cert_silent (ksba_cert_t cert, void *fpr_buffer);
 
 /* Return 0 if the certificate is a trusted certificate. Returns
-   GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in
-   case of systems errors. */
-gpg_error_t is_trusted_cert (ksba_cert_t cert);
+ * GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in
+ * case of systems errors.  If WITH_SYSTRUST is set also system
+ * provided certificates are considered trusted.  */
+gpg_error_t is_trusted_cert (ksba_cert_t cert, int with_systrust);
 
 
 /* Return a certificate object for the given fingerprint.  FPR is