[Spice-devel] [spice-gtk] Use system-wide trust certificate store

Christophe Fergeau cfergeau at redhat.com
Wed Sep 18 06:11:06 PDT 2013


On Wed, Sep 18, 2013 at 03:01:56PM +0200, Marc-André Lureau wrote:
> On Wed, Sep 18, 2013 at 2:40 PM, Christophe Fergeau <cfergeau at redhat.com> wrote:
> > Currently, spice-gtk will look in $HOME/.spicec/spice_truststore.pem
> > by default for its trust certificate store (to verify the certificates
> > used during SPICE TLS connections). However, these days a system-wide
> > trust store can be found in /etc/pki or /etc/ssl.
> > This commit checks at compile time where the trust store is located,
> > and then loads it before loading the user-specified trust store.
> > This can be disabled at compile time using --without-ca-certificates.
> 
> Is it really a good idea to "guess" the location of the trust store?

This is how it's done in glib-networking, imo it's fine, I don't really
see someone deciding to put a in /etc/pki or /etc/ssl with a generic name
and then complaining that this had side effects.

Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20130918/4310bd77/attachment.pgp>


More information about the Spice-devel mailing list