/**
* gnutls_certificate_set_x509_trust_dir:
* @cred: is a #gnutls_certificate_credentials_t type.
* @ca_dir: is a directory containing the list of trusted CAs (DER or PEM list)
* @type: is PEM or DER
*
* This function adds the trusted CAs present in the directory in order to
* verify client or server certificates. This function is identical
* to gnutls_certificate_set_x509_trust_file() but loads all certificates
* in a directory.
*
* Returns: the number of certificates processed
*
* Since: 3.3.6
*
**/
int
gnutls_certificate_set_x509_trust_dir(gnutls_certificate_credentials_t cred,
const char *ca_dir,
gnutls_x509_crt_fmt_t type)
{
int ret;
ret = gnutls_x509_trust_list_add_trust_dir(cred->tlist, ca_dir, NULL,
type, GNUTLS_TL_USE_IN_TLS, 0);
if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND)
return 0;
return ret;
}
/* This works on android 4.x
*/
static
int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags,
unsigned int tl_vflags)
{
int r = 0, ret;
ret = gnutls_x509_trust_list_add_trust_dir(list, DEFAULT_TRUST_STORE_DIR,
NULL, GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags);
if (ret >= 0)
r += ret;
# if defined(ANDROID) || defined(__ANDROID__)
ret = load_revoked_certs(list, GNUTLS_X509_FMT_DER);
if (ret >= 0)
r -= ret;
ret = gnutls_x509_trust_list_add_trust_dir(list, "/data/misc/keychain/cacerts-added/",
NULL, GNUTLS_X509_FMT_DER, tl_flags, tl_vflags);
if (ret >= 0)
r += ret;
# endif
return r;
}
