| blob | 7f5808e50535e2f6685de5c209b9ee4664206131 |
1 commit 9bcdde1ab9cdff6a4471f9a926dd488ab70c7247
2 Author: Daiderd Jordan <daiderd@gmail.com>
3 Date: Mon Apr 22 16:38:27 2019 +0200
5 Revert "gnutls_x509_trust_list_add_system_trust: Add macOS keychain support"
7 This reverts commit c0eb46d3463cd21b3f822ac377ff37f067f66b8d.
9 diff --git a/configure.ac b/configure.ac
10 index 8ad597bfd..8d14f26cd 100644
11 --- a/configure.ac
12 +++ b/configure.ac
13 @@ -781,7 +781,7 @@ dnl auto detect https://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.
14 AC_ARG_WITH([default-trust-store-file],
15 [AS_HELP_STRING([--with-default-trust-store-file=FILE],
16 [use the given file default trust store])], with_default_trust_store_file="$withval",
17 - [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x && test x$have_macosx = x;then
18 + [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x;then
19 for i in \
20 /etc/ssl/ca-bundle.pem \
21 /etc/ssl/certs/ca-certificates.crt \
22 diff --git a/lib/Makefile.am b/lib/Makefile.am
23 index fe9cf63a2..745695f7e 100644
24 --- a/lib/Makefile.am
25 +++ b/lib/Makefile.am
26 @@ -203,10 +203,6 @@ if WINDOWS
27 thirdparty_libadd += -lcrypt32
28 endif
30 -if MACOSX
31 -libgnutls_la_LDFLAGS += -framework Security -framework CoreFoundation
32 -endif
33 -
34 libgnutls_la_LIBADD += $(thirdparty_libadd)
36 # C++ library
37 diff --git a/lib/system/certs.c b/lib/system/certs.c
38 index 611c645e0..912b0aa5e 100644
39 --- a/lib/system/certs.c
40 +++ b/lib/system/certs.c
41 @@ -44,12 +44,6 @@
42 # endif
43 #endif
45 -#ifdef __APPLE__
46 -# include <CoreFoundation/CoreFoundation.h>
47 -# include <Security/Security.h>
48 -# include <Availability.h>
49 -#endif
50 -
51 /* System specific function wrappers for certificate stores.
52 */
54 @@ -276,72 +270,6 @@ int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags,
56 return r;
57 }
58 -#elif defined(__APPLE__) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070
59 -static
60 -int osstatus_error(status)
61 -{
62 - CFStringRef err_str = SecCopyErrorMessageString(status, NULL);
63 - _gnutls_debug_log("Error loading system root certificates: %s\n",
64 - CFStringGetCStringPtr(err_str, kCFStringEncodingUTF8));
65 - CFRelease(err_str);
66 - return GNUTLS_E_FILE_ERROR;
67 -}
68 -
69 -static
70 -int add_system_trust(gnutls_x509_trust_list_t list, unsigned int tl_flags,
71 - unsigned int tl_vflags)
72 -{
73 - int r=0;
74 -
75 - SecTrustSettingsDomain domain[] = { kSecTrustSettingsDomainUser,
76 - kSecTrustSettingsDomainAdmin,
77 - kSecTrustSettingsDomainSystem };
78 - for (size_t d=0; d<sizeof(domain)/sizeof(*domain); d++) {
79 - CFArrayRef certs = NULL;
80 - OSStatus status = SecTrustSettingsCopyCertificates(domain[d],
81 - &certs);
82 - if (status == errSecNoTrustSettings)
83 - continue;
84 - if (status != errSecSuccess)
85 - return osstatus_error(status);
86 -
87 - int cert_count = CFArrayGetCount(certs);
88 - for (int i=0; i<cert_count; i++) {
89 - SecCertificateRef cert =
90 - (void*)CFArrayGetValueAtIndex(certs, i);
91 - CFDataRef der;
92 - status = SecItemExport(cert, kSecFormatX509Cert, 0,
93 - NULL, &der);
94 - if (status != errSecSuccess) {
95 - CFRelease(der);
96 - CFRelease(certs);
97 - return osstatus_error(status);
98 - }
99 -
100 - if (gnutls_x509_trust_list_add_trust_mem(list,
101 - &(gnutls_datum_t) {
102 - .data = (void*)CFDataGetBytePtr(der),
103 - .size = CFDataGetLength(der),
104 - },
105 - NULL,
106 - GNUTLS_X509_FMT_DER,
107 - tl_flags,
108 - tl_vflags) > 0)
109 - r++;
110 - CFRelease(der);
111 - }
112 - CFRelease(certs);
113 - }
114 -
115 -#ifdef DEFAULT_BLACKLIST_FILE
116 - ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM);
117 - if (ret < 0) {
118 - _gnutls_debug_log("Could not load blacklist file '%s'\n", DEFAULT_BLACKLIST_FILE);
119 - }
120 -#endif
121 -
122 - return r;
123 -}
124 #else
126 #define add_system_trust(x,y,z) GNUTLS_E_UNIMPLEMENTED_FEATURE