From 10672429a5ffc51eacfdd6d9c0563d0c1d17b01e Mon Sep 17 00:00:00 2001
From: Tobias Markmann <tm@ayena.de>
Date: Wed, 24 Aug 2016 17:23:22 +0200
Subject: Use SSL_CTX_set_default_verify_paths to set trusted CAs for OpenSSL

This fixes setup of trusted CAs on Fedora.

Test-Information:

Tested successful login to two different hosts with different
CAs. Previously the there was no certificate warning on
Debian 8 and a certificate warning on Fedora 24. With this
patch there is no certificate warning anymore on Debian 8
and Fedora 24.

Change-Id: I70e71eb9734f2012bcd5c4b784bab47917b44234

diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index b7496a0..cd6b6bc 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -68,7 +68,7 @@ OpenSSLContext::OpenSSLContext() : state_(Start), context_(0), handle_(0), readB
         }
     }
 #elif !defined(SWIFTEN_PLATFORM_MACOSX)
-    SSL_CTX_load_verify_locations(context_, NULL, "/etc/ssl/certs");
+    SSL_CTX_set_default_verify_paths(context_);
 #elif defined(SWIFTEN_PLATFORM_MACOSX) && !defined(SWIFTEN_PLATFORM_IPHONE)
     // On Mac OS X 10.5 (OpenSSL < 0.9.8), OpenSSL does not automatically look in the system store.
     // On Mac OS X 10.6 (OpenSSL >= 0.9.8), OpenSSL *does* look in the system store to determine trust.
-- 
cgit v0.10.2-6-g49f6