Hi Christophe, I know I may be opening a can of worms with this question, but it'll help with supporting mobile devices, and maybe improve portability. Typically we cross-compile binaries for mobile devices, so detecting the location of anything automatically will yield inappropriate results. In addition, we cannot rely that on a mobile device the system-wide store is in /etc/pki, /etc/ssl or that it's accessible. Hence, would it be possible to provide an option along the lines of what librest provides (--with-ca-certificates=[path]), which specifies where to look for the system-wide CA bundle? This way, I can create a CA bundle file, add it to mobile applications as a resource, and then specify its location to librest and spice-gtk at compile time. If such an option cannot be provided, it would be nice if I can simply change one location in the source of spice-gtk to tell it where to look for the bundle. Where is that location? Thanks! iordan On Tue, Nov 12, 2013 at 10:23 AM, Christophe Fergeau <cfergeau@xxxxxxxxxx> wrote: > On Tue, Nov 12, 2013 at 04:20:03PM +0100, Christophe Fergeau wrote: >> Currently, spice-gtk will look in $HOME/.spicec/spice_truststore.pem >> by default for its trust certificate store (to verify the certificates >> used during SPICE TLS connections). However, these days a system-wide >> trust store can be found in /etc/pki or /etc/ssl. >> This commit checks at compile time where the trust store is located, >> and then loads it before loading the user-specified trust store. >> This can be disabled at compile time using --without-ca-certificates. > > I forgot to amend this ;) > > Christophe > > _______________________________________________ > Spice-devel mailing list > Spice-devel@xxxxxxxxxxxxxxxxxxxxx > http://lists.freedesktop.org/mailman/listinfo/spice-devel > -- The conscious mind has only one thread of execution. _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel