Index: libsoup-2.32.2/libsoup/soup-gnutls.c =================================================================== --- libsoup-2.32.2.orig/libsoup/soup-gnutls.c +++ libsoup-2.32.2/libsoup/soup-gnutls.c @@ -618,8 +618,8 @@ soup_ssl_get_client_credentials (const c gnutls_certificate_set_verify_flags (creds->creds, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); + creds->have_ca_file = TRUE; if (ca_file) { - creds->have_ca_file = TRUE; status = gnutls_certificate_set_x509_trust_file ( creds->creds, ca_file, GNUTLS_X509_FMT_PEM); if (status < 0) { @@ -631,6 +631,24 @@ soup_ssl_get_client_credentials (const c * creds to the caller. */ } + } else { +// use system certificates. this should really be provided by gnutls ... +#define SSL_CERT_DIR "/etc/ssl/certs" + GDir* dir = g_dir_open(SSL_CERT_DIR, 0, NULL); + if (dir) { + const char* name; + while ((name = g_dir_read_name(dir))) { + char* fn = g_strjoin("/", SSL_CERT_DIR, name, NULL); + if (g_str_has_suffix(name, ".pem")) { + status = gnutls_certificate_set_x509_trust_file ( + creds->creds, fn, GNUTLS_X509_FMT_PEM); + if (status < 0) + g_warning("failed to import %s", fn); + } + g_free(fn); + } + g_dir_close(dir); + } } return creds;