Honor SSL_CERT_FILE environment vartiable

ChangeLog

@@ -1,3 +1,11 @@
+2022-10-20 Richard Frith-Macdonald <rfm@gnu.org>
+
+	* Resources/GSTLS/README:
+	* Source/GSTLS.m:
+	Honor the SSL_CERT_FILE environment variable (for OpenSSL
+	compatibility) if our own user default or environment variable
+	is not used.
+
 2022-10-18 Richard Frith-Macdonald <rfm@gnu.org>
 
 	* Source/GSHTTPURLHandle.m: Track whether we have read any data from

Resources/GSTLS/README

@@ -3,8 +3,9 @@ Files here are the fallbacks for TLS/SSL certificate verification.
 
 To find the certificate authority certificates the system looks in:
 The path specified by GSTLSCAFile (if that user default is defined),
-otherwise the path specified in the GS_TLS_CA_FILE environment variable
-if it is defined, otherwise the file GSTLS/ca-certificates.crt in the
+otherwise the path specified in the GS_TLS_CA_FILE environment variable if
+it is defined, otherwise the path specified in the SSL_CERT_FILE environment
+variable if it is defined, otherwise the file GSTLS/ca-certificates.crt in the
 base library resource bundle.
 
 Similarly to find the revoke file, the order of precedence of configuration

Source/GSTLS.m

@@ -225,8 +225,13 @@ static NSMutableDictionary      *fileMap = nil;
     {
       /* Let the GS_TLS_CA_FILE environment variable override the
        * default certificate authority location.
+       * Failing that, use the same environment variable as OpenSSL
        */
       str = [env objectForKey: @"GS_TLS_CA_FILE"];
+      if (nil == str)
+        {
+          str = [env objectForKey: @"SSL_CERT_FILE"];
+        }
       if (nil == str)
         {
           str = [bundle pathForResource: @"ca-certificates"