[Spice-devel] Why is the CA certificate needed on the SPICE server?

Yaniv Kaul ykaul at redhat.com
Wed Sep 7 07:14:10 PDT 2011


On 09/07/2011 01:42 PM, Andrea Spadaccini wrote:
> Hello,
> I am implementing SPICE support in Ganeti
> (http://code.google.com/p/ganeti), and while implementing TLS I
> noticed that the SPICE server needs, apart from his key and
> certificate, also the certificate of the CA that signed its
> certificate.
>
> I found the relevant code in reds.c (reds_init_ssl()), but I am not
> very confident with SSL so I don't really understand why the server
> would need the CA certificate.
>
> Can anyone explain it to me?

You cannot verify a certificate if you don't have the certificate of the 
authority who signed that certificate - which is the CA.
Y.

>
> Thanks,
> Andrea
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel



More information about the Spice-devel mailing list