Hi Iordan, I'm a mere Android user so this question of mine may be dumb: On Android, there is a system store for CAs and a user store for certificates (not just CAs but also personal and maybe self-signed). Is there some good way (API, fs location, ...) how can apps use these essentially system certs? David i iordanov píše v Út 12. 11. 2013 v 10:55 -0500: > Hi Christophe, > > I know I may be opening a can of worms with this question, but it'll > help with supporting mobile devices, and maybe improve portability. > > Typically we cross-compile binaries for mobile devices, so detecting > the location of anything automatically will yield inappropriate > results. In addition, we cannot rely that on a mobile device the > system-wide store is in /etc/pki, /etc/ssl or that it's accessible. > > Hence, would it be possible to provide an option along the lines of > what librest provides (--with-ca-certificates=[path]), which specifies > where to look for the system-wide CA bundle? > > This way, I can create a CA bundle file, add it to mobile applications > as a resource, and then specify its location to librest and spice-gtk > at compile time. > > If such an option cannot be provided, it would be nice if I can simply > change one location in the source of spice-gtk to tell it where to > look for the bundle. Where is that location? > > Thanks! > iordan > > On Tue, Nov 12, 2013 at 10:23 AM, Christophe Fergeau > <cfergeau@xxxxxxxxxx> wrote: > > On Tue, Nov 12, 2013 at 04:20:03PM +0100, Christophe Fergeau wrote: > >> Currently, spice-gtk will look in $HOME/.spicec/spice_truststore.pem > >> by default for its trust certificate store (to verify the certificates > >> used during SPICE TLS connections). However, these days a system-wide > >> trust store can be found in /etc/pki or /etc/ssl. > >> This commit checks at compile time where the trust store is located, > >> and then loads it before loading the user-specified trust store. > >> This can be disabled at compile time using --without-ca-certificates. > > > > I forgot to amend this ;) > > > > Christophe > > > > _______________________________________________ > > Spice-devel mailing list > > Spice-devel@xxxxxxxxxxxxxxxxxxxxx > > http://lists.freedesktop.org/mailman/listinfo/spice-devel > > > > > -- David Jaša, RHCE SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel