[Spice-devel] [spice-gtk] Use system-wide trust certificate store
Christophe Fergeau
cfergeau at redhat.com
Wed Sep 18 06:13:13 PDT 2013
On Wed, Sep 18, 2013 at 03:03:57PM +0200, Marc-André Lureau wrote:
> >> - if (ca_file != NULL) {
> >> - int rc = SSL_CTX_load_verify_locations(c->ctx, ca_file, NULL);
> >> - if (rc != 1)
> >> - g_warning("loading ca certs from %s failed", ca_file);
> >> - else
> >> - count++;
> >> - }
> >> +#ifdef SPICE_SYSTEM_CA_FILE
> >> + rc = SSL_CTX_load_verify_locations(c->ctx, SPICE_SYSTEM_CA_FILE, NULL);
> >> + if (rc != 1)
> >> + g_warning("loading ca certs from %s failed", ca_file);
> >> + else
> >> + count++;
> >> +#endif
> >> +
> >> + rc = SSL_CTX_load_verify_locations(c->ctx, ca_file, NULL);
> >> + if (rc != 1)
> >> + g_warning("loading ca certs from %s failed", ca_file);
> >> + else
> >> + count++;
>
> If the ca_file is given, should we still load the system ca? I guess not.
Ok, will need to special case the default value set by spice-option.c when
no ca file is passed in.
Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20130918/40261a3f/attachment-0001.pgp>
More information about the Spice-devel
mailing list