On Tue, Nov 12, 2013 at 5:24 PM, Christophe Fergeau <cfergeau@xxxxxxxxxx> wrote:
> + if (use_system_ca) {
> + rc = SSL_CTX_set_default_verify_paths(c->ctx);
> + if (rc != 1)
I assume this doesn't override the previously loaded CA, but could you verify?
anyway, I think it would be safer to check previous success and skip
further loading.
The current code is not perfect in this regard, but it's mostly a
client error if both file and memory CA are given. And I am not sure
we should permit that.
Any idea?
--
Marc-André Lureau
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel