On Wed, Sep 18, 2013 at 03:03:57PM +0200, Marc-André Lureau wrote:
> >> - if (ca_file != NULL) {
> >> - int rc = SSL_CTX_load_verify_locations(c->ctx, ca_file, NULL);
> >> - if (rc != 1)
> >> - g_warning("loading ca certs from %s failed", ca_file);
> >> - else
> >> - count++;
> >> - }
> >> +#ifdef SPICE_SYSTEM_CA_FILE
> >> + rc = SSL_CTX_load_verify_locations(c->ctx, SPICE_SYSTEM_CA_FILE, NULL);
> >> + if (rc != 1)
> >> + g_warning("loading ca certs from %s failed", ca_file);
> >> + else
> >> + count++;
> >> +#endif
> >> +
> >> + rc = SSL_CTX_load_verify_locations(c->ctx, ca_file, NULL);
> >> + if (rc != 1)
> >> + g_warning("loading ca certs from %s failed", ca_file);
> >> + else
> >> + count++;
>
> If the ca_file is given, should we still load the system ca? I guess not.
Ok, will need to special case the default value set by spice-option.c when
no ca file is passed in.
Christophe
Attachment:
pgpnST2StWWuV.pgp
Description: PGP signature
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel