On Wed, Sep 18, 2013 at 02:40:52PM +0200, Christophe Fergeau wrote:
> Currently, spice-gtk will look in $HOME/.spicec/spice_truststore.pem
> by default for its trust certificate store (to verify the certificates
> used during SPICE TLS connections). However, these days a system-wide
> trust store can be found in /etc/pki or /etc/ssl.
> This commit checks at compile time where the trust store is located,
> and then loads it before loading the user-specified trust store.
> This can be disabled at compile time using --without-ca-certificates.

I'm curious how useful / desirable this actually is.

I can see how it makes total sense to use the global CA bundle if your
application is making HTTPS connections to public internet services, so
you have all the global CAs known. For SPICE though, users are pretty
unlikely to be purchasing certs from the commercial CA (protection racket)
vendors. They'll almost certainly be using their own internal CA. The
question is, would they be likely to append their own private CA onto
the list of the global certs? I'm somewhat sceptical.

In addition, by making SPICE use the global CA cert bundle by default
we're making it much much easier for $evil people to MITM attack any
SPICE connection by getting a valid cert from any CA in that bundle.

Personally I'm not convinced SPICE should use the global CA list by
default.

Daniel
-- 
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|