Add OpenBSD CA cert path.

[claws.git] / src / common / ssl.c

diff --git a/src/common/ssl.c b/src/common/ssl.c
index c8b1b3da4051665613069ea558d4b4a5feba07d3..bc8ab7de7bcf03424dcea7909dc20923d9da64cf 100644 (file)
--- a/src/common/ssl.c
+++ b/src/common/ssl.c
@@ -57,6 +57,12 @@ typedef struct _thread_data {
 } thread_data;
 #endif
 
+#if GNUTLS_VERSION_NUMBER < 0x030400
+#define DEFAULT_GNUTLS_PRIORITY "NORMAL:-VERS-SSL3.0"
+#else
+#define DEFAULT_GNUTLS_PRIORITY "NORMAL"
+#endif
+
 #if GNUTLS_VERSION_NUMBER <= 0x020c00
 static int gnutls_client_cert_cb(gnutls_session_t session,
                                const gnutls_datum_t *req_ca_rdn, int nreqs,
@@ -119,6 +125,7 @@ const gchar *claws_ssl_get_cert_file(void)
 {
 #ifndef G_OS_WIN32
        const char *cert_files[]={
+               "/etc/ssl/cert.pem",
                "/etc/pki/tls/certs/ca-bundle.crt",
                "/etc/certs/ca-bundle.crt",
                "/etc/ssl/ca-bundle.pem",
@@ -331,8 +338,9 @@ gboolean ssl_init_socket(SockInfo *sockinfo)
                            sockinfo->gnutls_priority, r);
        }
        else {
-               gnutls_priority_set_direct(session, "NORMAL:-VERS-SSL3.0", NULL);
+               gnutls_priority_set_direct(session, DEFAULT_GNUTLS_PRIORITY, NULL);
        }
+
        gnutls_record_disable_padding(session);
 
        gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);