[Spice-devel] [spice-gtk v5 2/2] Use system-wide trust certificate store

Christophe Fergeau cfergeau at redhat.com
Wed Nov 13 02:27:11 PST 2013


Hey,

On Tue, Nov 12, 2013 at 10:55:23AM -0500, i iordanov wrote:
> Hence, would it be possible to provide an option along the lines of
> what librest provides (--with-ca-certificates=[path]), which specifies
> where to look for the system-wide CA bundle?

The latest iteration of the patches no longer tries to figure out the
location of the system-wide CA bundle on its own, but relies on OpenSSL
defaults instead.

> 
> This way, I can create a CA bundle file, add it to mobile applications
> as a resource, and then specify its location to librest and spice-gtk
> at compile time.
> 
> If such an option cannot be provided, it would be nice if I can simply
> change one location in the source of spice-gtk to tell it where to
> look for the bundle. Where is that location?

If you don't specify a CA file explicitly, spice-gtk will try to use
the CA file located in ~/.spicec/spice_truststore.pem if you use
spice_set_session_option in your application (which implies using
the spice commandline option stuff).

Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20131113/e3d40bcc/attachment.pgp>


More information about the Spice-devel mailing list