File aria2-1.15.1-system_certificates.patch of Package aria2

Index: configure.ac
===================================================================
--- configure.ac.orig
+++ configure.ac
@@ -121,6 +121,7 @@ if test "x$with_gnutls" = "xyes"; then
     AC_DEFINE([HAVE_LIBGNUTLS], [1], [Define to 1 if you have libgnutls.])
     LIBS="$LIBGNUTLS_LIBS $LIBS"
     CPPFLAGS="$LIBGNUTLS_CFLAGS $CPPFLAGS"
+    AC_CHECK_FUNCS([gnutls_certificate_set_x509_system_trust])
   else
     AC_MSG_WARN([$LIBGNUTLS_PKG_ERRORS])
     if test "x$with_gnutls_requested" = "xyes"; then
Index: src/LibgnutlsTLSContext.cc
===================================================================
--- src/LibgnutlsTLSContext.cc.orig
+++ src/LibgnutlsTLSContext.cc
@@ -99,6 +99,22 @@ bool TLSContext::addClientKeyFile(const
   }
 }
 
+bool TLSContext::addSystemTrustedCACerts() {
+#ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_SYSTEM_TRUST
+  int ret = gnutls_certificate_set_x509_system_trust(certCred_);
+  if(ret < 0) {
+    A2_LOG_ERROR(fmt(MSG_LOADING_SYSTEM_TRUSTED_CA_CERTS_FAILED,
+                     gnutls_strerror(ret)));
+    return false;
+  } else {
+    A2_LOG_INFO(fmt("%d certificate(s) were imported.", ret));
+    return true;
+  }
+#else
+  return false;
+#endif
+}
+
 bool TLSContext::addTrustedCACertFile(const std::string& certfile)
 {
   int ret = gnutls_certificate_set_x509_trust_file(certCred_,
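Review bot: In the added addSystemTrustedCACerts(), a return value of 0 from gnutls_certificate_set_x509_system_trust() falls into the success branch, so the function logs "0 certificate(s) were imported." at INFO and returns true although no trust anchor was loaded. The caller in src/MultiUrlRequestInfo.cc then skips MSG_WARN_NO_CA_CERT, and with peer verification enabled every handshake would be rejected without any hint that the trust store is empty. Handle the zero case on its own before the success branch, for example `if(ret == 0) { A2_LOG_ERROR("No system trusted CA certificates were imported."); return false; }`, rather than widening the check to `ret <= 0`, because gnutls_strerror(0) would describe success. The `#else` branch also returns false without saying that the linked GnuTLS lacks this function; a one-line log there would make the caller's generic warning easier to diagnose.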
Index: src/LibgnutlsTLSContext.h
===================================================================
--- src/LibgnutlsTLSContext.h.orig
+++ src/LibgnutlsTLSContext.h
@@ -61,6 +61,8 @@ public:
   bool addClientKeyFile(const std::string& certfile,
                         const std::string& keyfile);
 
+  bool addSystemTrustedCACerts();
+
   // certfile can contain multiple certificates.
   bool addTrustedCACertFile(const std::string& certfile);
 
Index: src/LibsslTLSContext.cc
===================================================================
--- src/LibsslTLSContext.cc.orig
+++ src/LibsslTLSContext.cc
@@ -102,6 +102,18 @@ bool TLSContext::addClientKeyFile(const
   return true;
 }
 
+bool TLSContext::addSystemTrustedCACerts() {
+{
+  if(SSL_CTX_set_default_verify_paths(sslCtx_) != 1) {
+    A2_LOG_ERROR(fmt(MSG_LOADING_SYSTEM_TRUSTED_CA_CERTS_FAILED,
+                     ERR_error_string(ERR_get_error(), 0)));
+    return false;
+  } else {
+    A2_LOG_INFO("System trusted CA certificates were successfully added.");
+    return true;
+  }
+}
+
 bool TLSContext::addTrustedCACertFile(const std::string& certfile)
 {
   if(SSL_CTX_load_verify_locations(sslCtx_, certfile.c_str(), 0) != 1) {
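Review bot: The added addSystemTrustedCACerts() opens its body twice: the signature line ends in `{` and the next line is another `{`, but only one `}` closes it. The function is therefore never terminated and the following addTrustedCACertFile definition ends up inside it, so this file should not compile as written. Drop the brace from the signature line so it reads `bool TLSContext::addSystemTrustedCACerts()` followed by `{`, matching the neighbouring definitions. Separately, SSL_CTX_set_default_verify_paths() appears to report success even when the default locations hold no usable certificates, so the INFO text "successfully added" may overstate what was loaded; wording such as "default verify paths were set" would be more accurate.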
Index: src/LibsslTLSContext.h
===================================================================
--- src/LibsslTLSContext.h.orig
+++ src/LibsslTLSContext.h
@@ -61,6 +61,8 @@ public:
   bool addClientKeyFile(const std::string& certfile,
                         const std::string& keyfile);
 
+  bool addSystemTrustedCACerts();
+
   // certfile can contain multiple certificates.
   bool addTrustedCACertFile(const std::string& certfile);
 
Index: src/MultiUrlRequestInfo.cc
===================================================================
--- src/MultiUrlRequestInfo.cc.orig
+++ src/MultiUrlRequestInfo.cc
@@ -179,12 +179,15 @@ error_code::Value MultiUrlRequestInfo::e
       tlsContext->addClientKeyFile(option_->get(PREF_CERTIFICATE),
                                    option_->get(PREF_PRIVATE_KEY));
     }
+
     if(!option_->blank(PREF_CA_CERTIFICATE)) {
       if(!tlsContext->addTrustedCACertFile(option_->get(PREF_CA_CERTIFICATE))) {
         A2_LOG_INFO(MSG_WARN_NO_CA_CERT);
       }
     } else if(option_->getAsBool(PREF_CHECK_CERTIFICATE)) {
-      A2_LOG_INFO(MSG_WARN_NO_CA_CERT);
+      if(!tlsContext->addSystemTrustedCACerts()) {
+        A2_LOG_INFO(MSG_WARN_NO_CA_CERT);
+      }
     }
     if(option_->getAsBool(PREF_CHECK_CERTIFICATE)) {
       tlsContext->enablePeerVerification();
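Review bot: The new `else if` branch changes which CAs are trusted when PREF_CHECK_CERTIFICATE is set and PREF_CA_CERTIFICATE is blank, but nothing in the hunk documents that the platform trust store is now used implicitly. A comment above the branch would help, for example `// No CA file configured: fall back to the system trust store. A configured file that fails to load is NOT replaced by the system store.` The second sentence matters because the first branch deliberately has no fallback, and a later edit could "fix" that and widen trust by accident. A failed system load is also reported only through A2_LOG_INFO while enablePeerVerification() still runs, so the failure is closed but quiet; a higher log level may be worth considering. The enclosing function starts and ends outside this hunk, and the user-facing help for these options is not part of the patch, so whether it needs updating cannot be checked from here.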
Index: src/message.h
===================================================================
--- src/message.h.orig
+++ src/message.h
@@ -169,6 +169,8 @@
 #define MSG_ESTABLISHING_CONNECTION_FAILED              \
   _("Failed to establish connection, cause: %s")
 #define MSG_NETWORK_PROBLEM _("Network problem has occurred. cause:%s")
+#define MSG_LOADING_SYSTEM_TRUSTED_CA_CERTS_FAILED                              \
+  _("Failed to load trusted CA certificates from system. Cause: %s")
 #define MSG_LOADING_TRUSTED_CA_CERT_FAILED                              \
   _("Failed to load trusted CA certificates from %s. Cause: %s")
 #define MSG_CERT_VERIFICATION_FAILED                    \