# HG changeset patch
# User Frank Zschockelt
# Date 1455220841 -3600
# Node ID 75866de0e731f8eaa76a1491340076060e143df5
# Parent bbbe2d24eea4195017c677b3cb7d3aec5bdaf94b
Load system certs only if user doesn't specify trusted certs
diff -r bbbe2d24eea4 -r 75866de0e731 loudmouth/lm-ssl-gnutls.c
--- a/loudmouth/lm-ssl-gnutls.c Wed Feb 10 23:23:38 2016 +0100
+++ b/loudmouth/lm-ssl-gnutls.c Thu Feb 11 21:00:41 2016 +0100
@@ -187,7 +187,6 @@
 {
 gnutls_global_init ();
 gnutls_certificate_allocate_credentials (&ssl->gnutls_xcred);
- gnutls_certificate_set_x509_system_trust(ssl->gnutls_xcred);
 }
 gboolean
@@ -272,6 +271,8 @@
 }
 if (base->ca_path) {
 _lm_ssl_set_ca(ssl, base->ca_path);
+ } else {
+ gnutls_certificate_set_x509_system_trust(ssl->gnutls_xcred);
 }
 gnutls_credentials_set (ssl->gnutls_session, GNUTLS_CRD_CERTIFICATE,
diff -r bbbe2d24eea4 -r 75866de0e731 loudmouth/lm-ssl-openssl.c
--- a/loudmouth/lm-ssl-openssl.c Wed Feb 10 23:23:38 2016 +0100
+++ b/loudmouth/lm-ssl-openssl.c Thu Feb 11 21:00:41 2016 +0100
@@ -383,7 +383,6 @@
 cert_file, "/etc/ssl/certs")) {
 g_warning("SSL_CTX_load_verify_locations() failed");
 }*/
- SSL_CTX_set_default_verify_paths (ssl->ssl_ctx);
 SSL_CTX_set_verify (ssl->ssl_ctx, SSL_VERIFY_PEER, ssl_verify_cb);
 }
@@ -436,6 +435,8 @@
 }
 if (base->ca_path) {
 _lm_ssl_set_ca (ssl, base->ca_path);
+ } else {
+ SSL_CTX_set_default_verify_paths (ssl->ssl_ctx);
 }
 ssl->ssl = SSL_new(ssl->ssl_ctx);
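Review bot: The return value of `gnutls_certificate_set_x509_system_trust()` in the new `else` branch of the `@@ -272,6 +271,8 @@` hunk is discarded, so a host where the system store cannot be loaded is left with credentials that hold no trust anchors, and nothing in the log says why peer verification then presumably fails. The function returns the number of certificates processed or a negative error code, so `if (gnutls_certificate_set_x509_system_trust(ssl->gnutls_xcred) < 0) g_warning("could not load system trust store");` would make that visible. The `@@ -436,6 +435,8 @@` hunk in lm-ssl-openssl.c has the same gap: `SSL_CTX_set_default_verify_paths()` returns 0 on failure and is not checked. The enclosing function starts and ends outside both hunks.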
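Review bot: The `if (base->ca_path) … else …` in the `@@ -436,6 +435,8 @@` hunk makes a caller-supplied CA path replace the system store rather than extend it, and that contract is not written down in any visible line. A comment on the branch, e.g. `/* A user-supplied CA path replaces the system trust store; the two are never combined. */`, would keep a later change from re-adding the default paths unconditionally. It is also worth confirming what `_lm_ssl_set_ca()` does when the path cannot be loaded, since its body is not in this diff: with the unconditional fallback gone, a bad `ca_path` would presumably leave the context with no anchors, and the outcome then rests on `ssl_verify_cb`. The same applies to the matching branch in lm-ssl-gnutls.c.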