
@darealshinji
Created August 9, 2017 10:03
--- a/lib/system.c
+++ b/lib/system.c
@@ -404,16 +404,19 @@
r += ret;
#endif
-#ifdef DEFAULT_TRUST_STORE_FILE
- ret =
- gnutls_x509_trust_list_add_trust_file(list,
- DEFAULT_TRUST_STORE_FILE,
- crl_file,
- GNUTLS_X509_FMT_PEM,
- tl_flags, tl_vflags);
- if (ret > 0)
- r += ret;
-#endif
+#define ADD_TRUST(path) \
+ ret = gnutls_x509_trust_list_add_trust_file(list, path, crl_file, GNUTLS_X509_FMT_PEM, tl_flags, tl_vflags); \
+ if (ret > 0) r += ret;
+
+ ADD_TRUST("/etc/ssl/ca-bundle.pem")
+ ADD_TRUST("/etc/ssl/certs/ca-certificates.crt")
+ ADD_TRUST("/etc/ssl/cert.pem")
+ ADD_TRUST("/etc/pki/tls/certs/ca-bundle.crt")
+ ADD_TRUST("/etc/pki/tls/cert.pem")
+ ADD_TRUST("/etc/pki/tls/cacert.pem")
+ ADD_TRUST("/usr/local/share/certs/ca-root-nss.crt")
+
+#undef ADD_TRUST()
#ifdef DEFAULT_BLACKLIST_FILE
ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM);
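Review bot: The seven `ADD_TRUST(...)` calls load every bundle that happens to exist, so the trust list becomes the union of all of them and the build-time `DEFAULT_TRUST_STORE_FILE` is no longer honoured; a CA that the administrator removed from the managed bundle stays trusted if a stale copy is present at any of the other paths. Consider trying the configured file first and stopping at the first path that yields certificates, as sketched below, so exactly one bundle is authoritative. Separately, `#undef ADD_TRUST()` carries extra tokens after the macro name and should read `#undef ADD_TRUST`, and the two-statement macro body would misbehave under an unbraced `if`. The enclosing function starts and ends outside the hunk, so the contents of `tl_flags` (for example whether duplicates are filtered) cannot be checked from here.

```c
/* … unchanged: preceding trust-store block ending in #endif … */
	static const char *const trust_paths[] = {
#ifdef DEFAULT_TRUST_STORE_FILE
		DEFAULT_TRUST_STORE_FILE,	/* configured store keeps priority */
#endif
		"/etc/ssl/ca-bundle.pem",
		"/etc/ssl/certs/ca-certificates.crt",
		"/etc/ssl/cert.pem",
		"/etc/pki/tls/certs/ca-bundle.crt",
		"/etc/pki/tls/cert.pem",
		"/etc/pki/tls/cacert.pem",
		"/usr/local/share/certs/ca-root-nss.crt",
	};

	for (unsigned i = 0; i < sizeof(trust_paths) / sizeof(trust_paths[0]); i++) {
		ret = gnutls_x509_trust_list_add_trust_file(list, trust_paths[i],
							    crl_file,
							    GNUTLS_X509_FMT_PEM,
							    tl_flags, tl_vflags);
		if (ret > 0) {
			r += ret;
			break;	/* first usable bundle wins; do not merge stale copies */
		}
	}
/* … unchanged: DEFAULT_BLACKLIST_FILE handling … */
```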