WITH_GNUTLS

ssl/gnutls.c

@@ -21,6 +21,7 @@ hssl_ctx_t hssl_ctx_init(hssl_ctx_init_param_t* param) {
     const char* crt_file = NULL;
     const char* key_file = NULL;
     const char* ca_file = NULL;
+    const char* ca_path = NULL;
 
     int ret = gnutls_certificate_allocate_credentials(&ctx);
     if (ret != GNUTLS_E_SUCCESS) {
@@ -37,6 +38,9 @@ hssl_ctx_t hssl_ctx_init(hssl_ctx_init_param_t* param) {
         if (param->ca_file && *param->ca_file) {
             ca_file = param->ca_file;
         }
+        if (param->ca_path && *param->ca_path) {
+            ca_path = param->ca_path;
+        }
 
         if (ca_file) {
             ret = gnutls_certificate_set_x509_trust_file(ctx, ca_file, GNUTLS_X509_FMT_PEM);
@@ -46,6 +50,14 @@ hssl_ctx_t hssl_ctx_init(hssl_ctx_init_param_t* param) {
             }
         }
 
+        if (ca_path) {
+            ret = gnutls_certificate_set_x509_trust_dir(ctx, ca_path, GNUTLS_X509_FMT_PEM);
+            if (ret < 0) {
+                fprintf(stderr, "ssl ca_file failed!\n");
+                goto error;
+            }
+        }
+
         if (crt_file && key_file) {
             ret = gnutls_certificate_set_x509_key_file(ctx, crt_file, key_file, GNUTLS_X509_FMT_PEM);
             if (ret != GNUTLS_E_SUCCESS) {
@@ -54,7 +66,7 @@ hssl_ctx_t hssl_ctx_init(hssl_ctx_init_param_t* param) {
             }
         }
 
-        if (param->verify_peer && !ca_file) {
+        if (param->verify_peer && !ca_file && !ca_path) {
             gnutls_certificate_set_x509_system_trust(ctx);
         }
     }

ssl/hssl.h

@@ -7,7 +7,7 @@
 #if !defined(WITH_OPENSSL) &&   \
     !defined(WITH_GNUTLS)  &&   \
     !defined(WITH_MBEDTLS)
-#if OS_WIN
+#ifdef OS_WIN
 #define WITH_WINTLS
 #elif defined(OS_DARWIN)
 #define WITH_APPLETLS