[Spice-devel] [spice-gtk v5] Use system-wide trust certificate store
Marc-André Lureau
marcandre.lureau at gmail.com
Tue Nov 12 08:32:36 PST 2013
On Tue, Nov 12, 2013 at 5:24 PM, Christophe Fergeau <cfergeau at redhat.com> wrote:
> + if (use_system_ca) {
> + rc = SSL_CTX_set_default_verify_paths(c->ctx);
> + if (rc != 1)
I assume this doesn't override the previously loaded CA, but could you verify?
anyway, I think it would be safer to check previous success and skip
further loading.
The current code is not perfect in this regard, but it's mostly a
client error if both file and memory CA are given. And I am not sure
we should permit that.
Any idea?
--
Marc-André Lureau
More information about the Spice-devel
mailing list