X-Git-Url: https://code.delx.au/gnu-emacs/blobdiff_plain/7e09ef09a479731d01b1ca46e94ddadd73ac98e3..91917dd58ec5278e555b9c693a830749083e8f89:/lisp/net/gnutls.el

diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el
index 235b2a2a11..a7321da854 100644
--- a/lisp/net/gnutls.el
+++ b/lisp/net/gnutls.el
@@ -67,10 +67,11 @@ set this variable to \"normal:-dhe-rsa\"."
 
 (defcustom gnutls-trustfiles
   '(
-    "/etc/ssl/certs/ca-certificates.crt" ; Debian, Ubuntu, Gentoo and Arch Linux
-    "/etc/pki/tls/certs/ca-bundle.crt"   ; Fedora and RHEL
-    "/etc/ssl/ca-bundle.pem"             ; Suse
-    "/usr/ssl/certs/ca-bundle.crt"       ; Cygwin
+    "/etc/ssl/certs/ca-certificates.crt"     ; Debian, Ubuntu, Gentoo and Arch Linux
+    "/etc/pki/tls/certs/ca-bundle.crt"       ; Fedora and RHEL
+    "/etc/ssl/ca-bundle.pem"                 ; Suse
+    "/usr/ssl/certs/ca-bundle.crt"           ; Cygwin
+    "/usr/local/share/certs/ca-root-nss.crt" ; FreeBSD
     )
   "List of CA bundle location filenames or a function returning said list.
 The files may be in PEM or DER format, as per the GnuTLS documentation.
@@ -111,9 +112,9 @@ specifying a port number to connect to.
 
 Usage example:
 
-  \(with-temp-buffer
-    \(open-gnutls-stream \"tls\"
-                        \(current-buffer)
+  (with-temp-buffer
+    (open-gnutls-stream \"tls\"
+                        (current-buffer)
                         \"your server goes here\"
                         \"imaps\"))
 
@@ -192,12 +193,7 @@ defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT."
 	 ;; The gnutls library doesn't understand files delivered via
 	 ;; the special handlers, so ignore all files found via those.
 	 (file-name-handler-alist nil)
-         (trustfiles (or trustfiles
-                         (delq nil
-                               (mapcar (lambda (f) (and f (file-exists-p f) f))
-                                       (if (functionp gnutls-trustfiles)
-                                           (funcall gnutls-trustfiles)
-                                         gnutls-trustfiles)))))
+         (trustfiles (or trustfiles (gnutls-trustfiles)))
          (priority-string (or priority-string
                               (cond
                                ((eq type 'gnutls-anon)
@@ -250,6 +246,14 @@ defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT."
 
     process))
 
+(defun gnutls-trustfiles ()
+  "Return a list of usable trustfiles."
+  (delq nil
+        (mapcar (lambda (f) (and f (file-exists-p f) f))
+                (if (functionp gnutls-trustfiles)
+                    (funcall gnutls-trustfiles)
+                  gnutls-trustfiles))))
+
 (declare-function gnutls-error-string "gnutls.c" (error))
 
 (defun gnutls-message-maybe (doit format &rest params)
@@ -259,7 +263,7 @@ defaults to GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT."
     (message "%s: (err=[%s] %s) %s"
              "gnutls.el"
              doit (gnutls-error-string doit)
-             (apply 'format format (or params '(nil))))))
+             (apply #'format-message format (or params '(nil))))))
 
 (provide 'gnutls)