It looks like very recent GnuTLS releases (>= 3.3.6) may have finally added the API needed to make this possible:
https://www.happyassassin.net/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/
http://gnutls.org/manual/html_node/X509-certificate-API.html#index-gnutls_005fx509_005ftrust_005flist_005fadd_005ftrust_005fdir

No idea whether or not it's as simple as it looks, but I'll have a go at it some time.

** Changed in: gnutls26 (Ubuntu)
       Status: Confirmed => Invalid

https://bugs.launchpad.net/bugs/242313

Title:
  TLS_CACERTDIR not supported in gnutls

Status in gnutls26 package in Ubuntu:
  Invalid
Status in openldap package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: libldap-2.4-2

  Description: Ubuntu 8.04
  Release: 8.04

  libldap-2.4-2:
    Installed: 2.4.7-6ubuntu4.2
    Version table:
   *** 2.4.7-6ubuntu4.2 0
          100 /var/lib/dpkg/status
       2.4.7-6ubuntu3 0
          500 http://be.archive.ubuntu.com hardy/main Packages

  Switching to gnutls for openldap in Hardy introduced a regression by
  breaking the TLS_CACERTDIR option in /etc/ldap/ldap.conf. Unlike
  openssl, gnutls doesn't support certificate directories natively.
  Upgrading a secured openldap setup using TLS_CACERTDIR from Gutsy to
  Hardy breaks connections to the openldap server.

