On Wed, Sep 18, 2013 at 02:40:52PM +0200, Christophe Fergeau wrote:
> diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
> index b01b820..ab07453 100644
> --- a/gtk/spice-channel.c
> +++ b/gtk/spice-channel.c
> @@ -2159,6 +2159,7 @@ static int spice_channel_load_ca(SpiceChannel *channel)
> guint8 *ca;
> guint size;
> const gchar *ca_file;
> + int rc;
>
> g_return_val_if_fail(c->ctx != NULL, 0);
>
> @@ -2189,13 +2190,19 @@ static int spice_channel_load_ca(SpiceChannel *channel)
> sk_X509_INFO_pop_free(inf, X509_INFO_free);
> }
>
> - if (ca_file != NULL) {
> - int rc = SSL_CTX_load_verify_locations(c->ctx, ca_file, NULL);
> - if (rc != 1)
> - g_warning("loading ca certs from %s failed", ca_file);
> - else
> - count++;
> - }
> +#ifdef SPICE_SYSTEM_CA_FILE
> + rc = SSL_CTX_load_verify_locations(c->ctx, SPICE_SYSTEM_CA_FILE, NULL);
> + if (rc != 1)
> + g_warning("loading ca certs from %s failed", ca_file);
> + else
> + count++;
> +#endif
> +
> + rc = SSL_CTX_load_verify_locations(c->ctx, ca_file, NULL);
> + if (rc != 1)
> + g_warning("loading ca certs from %s failed", ca_file);
> + else
> + count++;
Hmm I'll send a v2 keeping the if (ca_file != NULL), I removed it in the
first iteration of this patch.
Christophe
Attachment:
pgp5kfFpTzfU5.pgp
Description: PGP signature
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel