[Spice-devel] [spice-gtk] Use system-wide trust certificate store
Christophe Fergeau
cfergeau at redhat.com
Wed Sep 18 05:44:40 PDT 2013
On Wed, Sep 18, 2013 at 02:40:52PM +0200, Christophe Fergeau wrote:
> diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
> index b01b820..ab07453 100644
> --- a/gtk/spice-channel.c
> +++ b/gtk/spice-channel.c
> @@ -2159,6 +2159,7 @@ static int spice_channel_load_ca(SpiceChannel *channel)
> guint8 *ca;
> guint size;
> const gchar *ca_file;
> + int rc;
>
> g_return_val_if_fail(c->ctx != NULL, 0);
>
> @@ -2189,13 +2190,19 @@ static int spice_channel_load_ca(SpiceChannel *channel)
> sk_X509_INFO_pop_free(inf, X509_INFO_free);
> }
>
> - if (ca_file != NULL) {
> - int rc = SSL_CTX_load_verify_locations(c->ctx, ca_file, NULL);
> - if (rc != 1)
> - g_warning("loading ca certs from %s failed", ca_file);
> - else
> - count++;
> - }
> +#ifdef SPICE_SYSTEM_CA_FILE
> + rc = SSL_CTX_load_verify_locations(c->ctx, SPICE_SYSTEM_CA_FILE, NULL);
> + if (rc != 1)
> + g_warning("loading ca certs from %s failed", ca_file);
> + else
> + count++;
> +#endif
> +
> + rc = SSL_CTX_load_verify_locations(c->ctx, ca_file, NULL);
> + if (rc != 1)
> + g_warning("loading ca certs from %s failed", ca_file);
> + else
> + count++;
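Review bot: In the #ifdef SPICE_SYSTEM_CA_FILE block, the failure warning prints ca_file rather than the path that was just loaded, so a failure to read the system store is reported against the wrong file, or against a NULL pointer when no CA file was configured. Pass SPICE_SYSTEM_CA_FILE to g_warning() there. The second SSL_CTX_load_verify_locations() call also now runs unconditionally, and with ca_file == NULL it is called with both the file and the path NULL, which returns failure. That logs a warning on every connection that relies only on the system store, so the if (ca_file != NULL) guard should stay around it.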
Hmm, I'll send a v2 keeping the if (ca_file != NULL); I removed it in the
first iteration of this patch.
Christophe