OK, we need ssl-certificates too

panda/src/express/config_express.cxx

@@ -79,6 +79,12 @@ ConfigVariableFilename ca_bundle_filename
           "ca-bundle.crt is included in the OpenSSL distribution, and "
           "is also included with Panda."));
 
+ConfigVariableList ssl_certificates
+("ssl-certificates",
+ PRC_DESC("This variable lists additional filenames, on top of the file "
+          "named by ca-bundle-filename, that contain trusted SSL "
+          "certificates or certificate authorities."));
+
 ////////////////////////////////////////////////////////////////////
 //     Function: init_libexpress
 //  Description: Initializes the library.  This must be called at

panda/src/express/config_express.h

@@ -54,6 +54,7 @@ extern ConfigVariableBool keep_temporary_files;
 extern EXPCL_PANDAEXPRESS ConfigVariableBool collect_tcp;
 extern EXPCL_PANDAEXPRESS ConfigVariableDouble collect_tcp_interval;
 extern ConfigVariableFilename ca_bundle_filename;
+extern ConfigVariableList ssl_certificates;
 
 // Expose the Config variable for Python access.
 BEGIN_PUBLISH

panda/src/express/openSSLWrapper.cxx

@@ -42,6 +42,13 @@ OpenSSLWrapper() {
   if (!ca_bundle_filename.empty()) {
     load_certificates(ca_bundle_filename);
   }
+
+  int num_certs = ssl_certificates.get_num_unique_values();
+  for (int ci = 0; ci < num_certs; ci++) {
+    string cert_file = ssl_certificates.get_unique_value(ci);
+    Filename filename = Filename::expand_from(cert_file);
+    load_certificates(filename);
+  }
 }
 
 ////////////////////////////////////////////////////////////////////