From 5305578a5478cdf45c40fb0f44715199e8f684b3 Mon Sep 17 00:00:00 2001
From: Brian Pepple
Date: Mon, 8 Nov 2010 12:06:18 -0500
Subject: [PATCH] Make ca-certs location configurable more friendly (#31474)
---
 configure.ac | 35 +++++++++++++++++++++++++++++++----
 src/connection.c | 2 +-
 2 files changed, 32 insertions(+), 5 deletions(-)
diff --git a/configure.ac b/configure.ac
index 273e1b8..10539a2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -96,10 +96,37 @@ TP_COMPILER_WARNINGS([ERROR_CFLAGS], [test "x$official_release" = xno],
 unused-parameter])
 AC_SUBST([ERROR_CFLAGS])
-AC_ARG_WITH(ca-certificates,
- AC_HELP_STRING([--with-ca-certificates],[path to CA certificates @<:@default=/etc/ssl/certs/ca-certificates.crt@:>@]),
- ca_certificates_path="$withval", ca_certificates_path="/etc/ssl/certs/ca-certificates.crt")
-AC_DEFINE_UNQUOTED(CA_CERTIFICATES_PATH, ["${ca_certificates_path}"], [Path to CA certificates])
+# -----------------------------------------------------------
+# Make CA certificates path configurable
+# Stolen from GIO's TLS
+# -----------------------------------------------------------
+AC_MSG_CHECKING([location of system Certificate Authority list])
+AC_ARG_WITH(ca-file,
+ [AC_HELP_STRING([--with-ca-file=@<:@path@:>@],
+ [path to system Certificate Authority list])])
+if test "$with_ca_file" = "no"; then
+ AC_MSG_RESULT([disabled])
+else
+ if test -z "$with_ca_file"; then
+ for f in /etc/pki/tls/certs/ca-bundle.crt \
+ /etc/ssl/certs/ca-certificates.crt; do
+ if test -f "$f"; then
+ with_ca_file="$f"
+ fi
+ done
+ if test -z "$with_ca_file"; then
+ AC_MSG_ERROR([could not find. Use --with-ca-file=path to set, or --without-ca-file to disable])
+ fi
+ fi
+
+ AC_MSG_RESULT($with_ca_file)
+ if ! test -f "$with_ca_file"; then
+ AC_MSG_ERROR([No such file '$with_ca_file'. Use --with-ca-file=path to set, or --without-ca-file to disable])
+ fi
+ GTLS_SYSTEM_CA_FILE="$with_ca_file"
+
+ AC_DEFINE_UNQUOTED([GTLS_SYSTEM_CA_FILE], ["$GTLS_SYSTEM_CA_FILE"], [path to system Certificate Authority list])
+fi
 AC_ARG_ENABLE(debug,
 AC_HELP_STRING([--disable-debug],[compile without debug code]),
diff --git a/src/connection.c b/src/connection.c
index 2f12d3d..42039d1 100644
--- a/src/connection.c
+++ b/src/connection.c
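Review bot: In the configure.ac hunk the probe loop over `/etc/pki/tls/certs/ca-bundle.crt` and `/etc/ssl/certs/ca-certificates.crt` has no `break`, so when both files exist the last one wins, the opposite of what the listing order suggests; `with_ca_file="$f"; break` inside the `if test -f "$f"` would make the first match win. The only validation of the final value is `test -f "$with_ca_file"`, so a relative `--with-ca-file=` argument that happens to exist in the build directory is accepted and compiled in as the TLS trust-anchor path. I would reject anything that does not start with `/`, for example `case "$with_ca_file" in /*) ;; *) AC_MSG_ERROR([--with-ca-file needs an absolute path]) ;; esac`. A short comment noting that the path is probed on the build host and fixed at compile time would also help packagers who build in a chroot that differs from the target system.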
@@ -1965,7 +1965,7 @@ _gabble_connection_connect (TpBaseConnection *base,
 g_free (jid);
 /* system certs */
- wocky_tls_handler_add_ca (tls_handler, CA_CERTIFICATES_PATH);
+ wocky_tls_handler_add_ca (tls_handler, GTLS_SYSTEM_CA_FILE);
 /* user certs */
 user_certs_dir = g_build_filename (g_get_user_config_dir (),
--
1.7.3.2
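Review bot: The new call uses `GTLS_SYSTEM_CA_FILE` unconditionally, but the configure.ac hunk of this patch defines it only in the `else` branch, so a tree configured with `--without-ca-file` (the option both new error messages recommend) would presumably fail to compile at this line unless the macro is also defined somewhere not shown. Guarding the call keeps the disabled configuration buildable: `#ifdef GTLS_SYSTEM_CA_FILE`, then `wocky_tls_handler_add_ca (tls_handler, GTLS_SYSTEM_CA_FILE);`, then `#endif`. The `/* system certs */` comment could then state that without the macro only the user certificate directory handled just below appears to supply trust anchors, so the reduced verification set reads as a deliberate choice. _gabble_connection_connect begins and ends outside this hunk.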