Add a proper cipher suite, and point to a valid root cert file. This allows

empathy to connect to encrypted jabber streams.

net-im/loudmouth/Makefile

@@ -7,7 +7,7 @@
 
 PORTNAME=	loudmouth
 PORTVERSION=	1.4.3
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	net-im gnome
 MASTER_SITES=	http://ftp.imendio.com/pub/imendio/loudmouth/src/ \
 		GNOME
@@ -32,8 +32,13 @@ OPTIONS=	GNUTLS "Enable SSL (via GnuTLS) support" on
 
 .if !defined(WITHOUT_GNUTLS)
 LIB_DEPENDS+=		gnutls.40:${PORTSDIR}/security/gnutls
+RUN_DEPENDS+=		${LOCALBASE}/share/certs/ca-root-nss.crt:${PORTSDIR}/security/ca_root_nss
 .else
 CONFIGURE_ARGS+=	--without-ssl
 .endif
 
+post-patch:
+	@${REINPLACE_CMD} -e 's|%%LOCALBASE%%|${LOCALBASE}|' \
+	    	${WRKSRC}/loudmouth/lm-ssl-gnutls.c
+
 .include <bsd.port.post.mk>

net-im/loudmouth/files/patch-loudmouth_lm-ssl-gnutls.c

@@ -0,0 +1,28 @@
+--- loudmouth/lm-ssl-gnutls.c.orig	2010-04-17 15:56:39.000000000 -0400
++++ loudmouth/lm-ssl-gnutls.c	2010-04-17 15:56:43.000000000 -0400
+@@ -32,7 +32,7 @@
+ 
+ #include <gnutls/x509.h>
+ 
+-#define CA_PEM_FILE "/etc/ssl/certs/ca-certificates.crt"
++#define CA_PEM_FILE "%%LOCALBASE%%/share/certs/ca-root-nss.crt"
+ 
+ struct _LmSSL {
+ 	LmSSLBase base;
+@@ -200,6 +200,7 @@ _lm_ssl_begin (LmSSL *ssl, gint fd, cons
+ 		{ GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
+ 	const int compression_priority[] =
+ 		{ GNUTLS_COMP_DEFLATE, GNUTLS_COMP_NULL, 0 };
++	gnutls_priority_t priorities_cache;
+ 
+ 	gnutls_init (&ssl->gnutls_session, GNUTLS_CLIENT);
+ 	gnutls_set_default_priority (ssl->gnutls_session);
+@@ -213,6 +214,8 @@ _lm_ssl_begin (LmSSL *ssl, gint fd, cons
+ 
+ 	gnutls_transport_set_ptr (ssl->gnutls_session,
+ 				  (gnutls_transport_ptr_t)(glong) fd);
++	gnutls_priority_init (&priorities_cache, "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:NORMAL:%COMPAT", NULL);
++	gnutls_priority_set (ssl->gnutls_session, priorities_cache);
+ 
+ 	ret = gnutls_handshake (ssl->gnutls_session);
+