Add auto-detection of ssl_ca_file by configure

cf. gnutls-trustfiles in Emacs 27.1
<https://git.savannah.gnu.org/cgit/emacs.git/tree/lisp/net/gnutls.el?h=emacs-27.1#n106>

acinclude.m4

@@ -510,6 +510,26 @@ if test x"$with_ssl" != xno; then
     AC_MSG_RESULT($enable_sslverify)
   fi
 fi
+AC_SUBST(DEF_CAFILE)
+w3m_cafile=""
+if test x"$enable_sslverify" = xyes; then
+  AC_MSG_CHECKING(for CA bundle location)
+  AC_ARG_WITH(cafile,
+    [   --with-cafile=CAFILE		CA file to verify SSL certificate],
+    [w3m_cafile="$with_cafile"],[
+      for f in /etc/ssl/certs/ca-certificates.crt \
+        /etc/pki/tls/certs/ca-bundle.crt \
+        /etc/ssl/ca-bundle.pem \
+        /usr/ssl/certs/ca-bundle.crt \
+        /usr/local/share/certs/ca-root-nss.crt \
+        /etc/ssl/cert.pem \
+        /etc/certs/ca-certificates.crt; do
+        if test -f "$f" -a -r "$f"; then w3m_cafile="$f"; break; fi
+      done
+    ])
+  AC_MSG_RESULT($w3m_cafile)
+fi
+AC_DEFINE_UNQUOTED(DEF_CAFILE, "$w3m_cafile")
 AC_SUBST(USE_DIGEST_AUTH)
 AC_MSG_CHECKING(if digest auth is enabled)
 AC_ARG_ENABLE(digest_auth,

config.h.dist

@@ -128,7 +128,8 @@ INSTALL_W3MIMGDISPLAY=$(INSTALL_PROGRAM)
 #define USE_COOKIE
 #define USE_DIGEST_AUTH
 #define USE_SSL
-#undef USE_SSL_VERIFY
+#define USE_SSL_VERIFY
+#define DEF_CAFILE	"/etc/ssl/certs/ca-certificates.crt"
 #undef USE_NNTP
 #undef USE_GOPHER
 #define USE_EXTERNAL_URI_LOADER

config.h.in

@@ -61,6 +61,7 @@
 #undef USE_DIGEST_AUTH
 #undef USE_SSL
 #undef USE_SSL_VERIFY
+#define DEF_CAFILE	"@DEF_CAFILE@"
 #undef USE_HELP_CGI
 #undef USE_EXTERNAL_URI_LOADER
 #undef USE_W3MMAILER

configure

@@ -634,6 +634,7 @@ AUXBIN_TARGETS
 USE_SYSMOUSE
 USE_W3M
 USE_DIGEST_AUTH
+DEF_CAFILE
 SSL_LIBS
 SSL_CFLAGS
 PKG_CONFIG_LIBDIR
@@ -836,6 +837,7 @@ with_browser
 enable_ipv6
 with_ssl
 enable_sslverify
+with_cafile
 enable_digest_auth
 with_termlib
 with_gc
@@ -1534,6 +1536,7 @@ Optional Packages:
   --with-mailer=MAILER		default mailer (/usr/bin/mail)
   --with-browser=BROWSER	default browser (/usr/bin/firefox)
   --with-ssl=PREFIX		support https protocol
+   --with-cafile=CAFILE		CA file to verify SSL certificate
   --with-termlib=LIBS		terminal library
 				LIBS is space separated list of:
 				  terminfo mytinfo termcap tinfo ncurses curses
@@ -8558,6 +8561,36 @@ $as_echo "$enable_sslverify" >&6; }
   fi
 fi
 
+w3m_cafile=""
+if test x"$enable_sslverify" = xyes; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CA bundle location" >&5
+$as_echo_n "checking for CA bundle location... " >&6; }
+
+# Check whether --with-cafile was given.
+if test "${with_cafile+set}" = set; then :
+  withval=$with_cafile; w3m_cafile="$with_cafile"
+else
+
+      for f in /etc/ssl/certs/ca-certificates.crt \
+        /etc/pki/tls/certs/ca-bundle.crt \
+        /etc/ssl/ca-bundle.pem \
+        /usr/ssl/certs/ca-bundle.crt \
+        /usr/local/share/certs/ca-root-nss.crt \
+        /etc/ssl/cert.pem \
+        /etc/certs/ca-certificates.crt; do
+        if test -f "$f" -a -r "$f"; then w3m_cafile="$f"; break; fi
+      done
+
+fi
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $w3m_cafile" >&5
+$as_echo "$w3m_cafile" >&6; }
+fi
+cat >>confdefs.h <<_ACEOF
+#define DEF_CAFILE "$w3m_cafile"
+_ACEOF
+
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if digest auth is enabled" >&5
 $as_echo_n "checking if digest auth is enabled... " >&6; }
 # Check whether --enable-digest_auth was given.

doc-jp/README.SSL

@@ -43,7 +43,8 @@ SSL サポートについて
         SSLの認証局のPEM形式証明書群のあるディレクトリへのパス
         (デフォルトは<NULL>).
     ssl_ca_file ファイル名
-        SSLの認証局のPEM形式証明書群のファイル(デフォルトは<NULL>).
+        SSLの認証局のPEM形式証明書群のファイル(デフォルトはconfigureで
+        自動設定).
     ただし「SSLEAY_VERSION_NUMBER >= 0x0800」な環境でないと無駄なコードが増
     えるだけなので, configure時にdisableしておいたほうがよいでしょう.
 

fm.h

@@ -1185,7 +1185,7 @@ global int ssl_verify_server init(TRUE);
 global char *ssl_cert_file init(NULL);
 global char *ssl_key_file init(NULL);
 global char *ssl_ca_path init(NULL);
-global char *ssl_ca_file init(NULL);
+global char *ssl_ca_file init(DEF_CAFILE);
 global int ssl_path_modified init(FALSE);
 #endif				/* defined(USE_SSL) &&
 				 * defined(USE_SSL_VERIFY) */