From bc23d7835bc1d543b60aaffade7c9b47cae19f9e Mon Sep 17 00:00:00 2001
From: David Rose <david@ddrose.com>
Date: Thu, 17 Sep 2009 17:38:07 +0000
Subject: [PATCH] OK, we need ssl-certificates too

---
 panda/src/express/config_express.cxx | 6 ++++++
 panda/src/express/config_express.h   | 1 +
 panda/src/express/openSSLWrapper.cxx | 7 +++++++
 3 files changed, 14 insertions(+)

diff --git a/panda/src/express/config_express.cxx b/panda/src/express/config_express.cxx
index 5a1acf4277..0eac3f6dfd 100644
--- a/panda/src/express/config_express.cxx
+++ b/panda/src/express/config_express.cxx
@@ -79,6 +79,12 @@ ConfigVariableFilename ca_bundle_filename
           "ca-bundle.crt is included in the OpenSSL distribution, and "
           "is also included with Panda."));
 
+ConfigVariableList ssl_certificates
+("ssl-certificates",
+ PRC_DESC("This variable lists additional filenames, on top of the file "
+          "named by ca-bundle-filename, that contain trusted SSL "
+          "certificates or certificate authorities."));
+
 ////////////////////////////////////////////////////////////////////
 //     Function: init_libexpress
 //  Description: Initializes the library.  This must be called at
diff --git a/panda/src/express/config_express.h b/panda/src/express/config_express.h
index 6804f7b8d3..38149399ab 100644
--- a/panda/src/express/config_express.h
+++ b/panda/src/express/config_express.h
@@ -54,6 +54,7 @@ extern ConfigVariableBool keep_temporary_files;
 extern EXPCL_PANDAEXPRESS ConfigVariableBool collect_tcp;
 extern EXPCL_PANDAEXPRESS ConfigVariableDouble collect_tcp_interval;
 extern ConfigVariableFilename ca_bundle_filename;
+extern ConfigVariableList ssl_certificates;
 
 // Expose the Config variable for Python access.
 BEGIN_PUBLISH
diff --git a/panda/src/express/openSSLWrapper.cxx b/panda/src/express/openSSLWrapper.cxx
index 6f9114c04b..53e85923e3 100644
--- a/panda/src/express/openSSLWrapper.cxx
+++ b/panda/src/express/openSSLWrapper.cxx
@@ -42,6 +42,13 @@ OpenSSLWrapper() {
   if (!ca_bundle_filename.empty()) {
     load_certificates(ca_bundle_filename);
   }
+
+  int num_certs = ssl_certificates.get_num_unique_values();
+  for (int ci = 0; ci < num_certs; ci++) {
+    string cert_file = ssl_certificates.get_unique_value(ci);
+    Filename filename = Filename::expand_from(cert_file);
+    load_certificates(filename);
+  }
 }
 
 ////////////////////////////////////////////////////////////////////