host name (although @code{gnutls-negotiate} supports a trustfile per
connection so it could be done if needed). The trustfiles can be in
PEM or DER format and examples can be found in most Unix
-distributions. By default four locations are tried in this order:
-@file{/etc/ssl/certs/ca-certificates.crt} for Debian, Ubuntu, Gentoo
-and Arch Linux; @file{/etc/pki/tls/certs/ca-bundle.crt} for Fedora
-and RHEL; @file{/etc/ssl/ca-bundle.pem} for Suse;
-@file{/usr/ssl/certs/ca-bundle.crt} for Cygwin. You can easily
-customize @code{gnutls-trustfiles} to be something else, but let us
-know if you do, so we can make the change to benefit the other users
-of that platform.
+distributions. By default the following locations are tried in this
+order: @file{/etc/ssl/certs/ca-certificates.crt} for Debian, Ubuntu,
+Gentoo and Arch Linux; @file{/etc/pki/tls/certs/ca-bundle.crt} for
+Fedora and RHEL; @file{/etc/ssl/ca-bundle.pem} for Suse;
+@file{/usr/ssl/certs/ca-bundle.crt} for Cygwin;
+@file{/usr/local/share/certs/ca-root-nss.crt} for FreeBSD. You can
+easily customize @code{gnutls-trustfiles} to be something else, but
+let us know if you do, so we can make the change to benefit the other
+users of that platform.
@end defvar
@defvar gnutls-verify-error
(defcustom gnutls-trustfiles
'(
- "/etc/ssl/certs/ca-certificates.crt" ; Debian, Ubuntu, Gentoo and Arch Linux
- "/etc/pki/tls/certs/ca-bundle.crt" ; Fedora and RHEL
- "/etc/ssl/ca-bundle.pem" ; Suse
- "/usr/ssl/certs/ca-bundle.crt" ; Cygwin
+ "/etc/ssl/certs/ca-certificates.crt" ; Debian, Ubuntu, Gentoo and Arch Linux
+ "/etc/pki/tls/certs/ca-bundle.crt" ; Fedora and RHEL
+ "/etc/ssl/ca-bundle.pem" ; Suse
+ "/usr/ssl/certs/ca-bundle.crt" ; Cygwin
+ "/usr/local/share/certs/ca-root-nss.crt" ; FreeBSD
)
"List of CA bundle location filenames or a function returning said list.
The files may be in PEM or DER format, as per the GnuTLS documentation.