[Spice-devel] [spice-gtk] Use system-wide trust certificate store

Daniel P. Berrange berrange at redhat.com
Wed Sep 18 06:11:20 PDT 2013


On Wed, Sep 18, 2013 at 02:40:52PM +0200, Christophe Fergeau wrote:
> Currently, spice-gtk will look in $HOME/.spicec/spice_truststore.pem
> by default for its trust certificate store (to verify the certificates
> used during SPICE TLS connections). However, these days a system-wide
> trust store can be found in /etc/pki or /etc/ssl.
> This commit checks at compile time where the trust store is located,
> and then loads it before loading the user-specified trust store.
> This can be disabled at compile time using --without-ca-certificates.

I'm curious how useful / desirable this actually is. I can see how
it makes total sense to use the global CA bundle if your application
is making HTTPS connections to public internet services, so you have
all the global CAs known.

For SPICE though, users are pretty unlikely to be purchasing certs
from the commercial CA (protection racket) vendors. They'll almost
certainly be using their own internal CA. 

The question is, would they be likely to append their own private
CA onto the list of the global certs ?  I'm somewhat sceptical.

In addition by making SPICE use the global CA cert bundle by default
we're making it much much easier for $evil people to MITM attack any
SPICE connection by getting a valid cert from any CA in that bundle.

Personally I'm not convinced SPICE should use the global CA list
by default.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
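The trust-anchor question argued above, as an added shell example (not from this thread and not spice-gtk code): two throwaway private CAs are generated with the openssl command-line tool, both issue a certificate for the same constructed hostname (spice.example), and the same server certificate is checked against a store holding only the operator's own CA and against a larger bundle that also contains the second CA. The second CA stands in for any issuer in a system-wide bundle; the CA names, file layout and hostname are constructed for the example, and only the openssl binary is assumed.

```shell
#!/bin/sh
# Added example: how the size of the trust store changes what verifies.
# Assumes the openssl CLI; every key and certificate here is constructed
# on the fly in a temporary directory (no cleanup, so the files can be inspected).
set -e
WORK=$(mktemp -d)

# gen_ca NAME: create a self-signed CA key and certificate named NAME
gen_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example $1 CA" \
    -keyout "$WORK/$1-ca.key" -out "$WORK/$1-ca.pem" 2>/dev/null
}

# issue_cert CA HOST: have CA sign a server certificate for HOST
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2-$1.key" -out "$WORK/$2-$1.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$WORK/$2-$1.csr" \
    -CA "$WORK/$1-ca.pem" -CAkey "$WORK/$1-ca.key" -CAcreateserial \
    -out "$WORK/$2-$1.pem" 2>/dev/null
}

# verify_against TRUSTSTORE CERT: print "ok" if CERT chains to a CA in TRUSTSTORE,
# "FAIL" otherwise (mirrors what a client's certificate check would decide)
verify_against() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo ok
  else
    echo FAIL
  fi
}

# A: the operator's own internal CA.  B: some other CA that happens to be
# present in a system-wide bundle.  Both issue a cert for spice.example.
gen_ca A
gen_ca B
issue_cert A spice.example
issue_cert B spice.example

# Two candidate trust stores for the client:
#   private-only.pem  -> just the operator's CA (the $HOME/.spicec model)
#   bundle.pem        -> operator's CA plus everything else (the system-store model)
cp "$WORK/A-ca.pem" "$WORK/private-only.pem"
cat "$WORK/A-ca.pem" "$WORK/B-ca.pem" > "$WORK/bundle.pem"

echo "A-issued cert vs private-only store: $(verify_against "$WORK/private-only.pem" "$WORK/spice.example-A.pem")"
echo "B-issued cert vs private-only store: $(verify_against "$WORK/private-only.pem" "$WORK/spice.example-B.pem")"
echo "A-issued cert vs bundle store:       $(verify_against "$WORK/bundle.pem" "$WORK/spice.example-A.pem")"
echo "B-issued cert vs bundle store:       $(verify_against "$WORK/bundle.pem" "$WORK/spice.example-B.pem")"
```

With the private-only store, only the certificate issued by the operator's own CA is accepted; with the bundle, a certificate for the same name from the other CA is accepted too. Appending the internal CA to the bundle therefore gets the legitimate server accepted, but every other issuer in the bundle stays able to produce a certificate the client will also accept, which is the trade-off the mail describes.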
