Hi Christophe, On Wed, Nov 13, 2013 at 5:27 AM, Christophe Fergeau <cfergeau@xxxxxxxxxx> wrote: > If you don't specify a CA file explicitly, spice-gtk will try to use > the CA file located in ~/.spicec/spice_truststore.pem if you use > spice_set_session_option in your application (which implies using > the spice commandline option stuff). OK, then I'll simply set the ca_file to point to a CA bundle I ship with the application for both ovirt and SPICE by default. If the user overrides that with their own CA, then the CA bundle provided with the app will not be used. Essentially, this emulates the behavior of having a properly set path in OpenSSL and passing the --ovirt-ca-file and/or --spice-ca-file options to remote-viewer, right? Still, if OpenSSL provided functionality to set the default path to its key-store at run-time, that would work best as it wouldn't require a recompilation in order to change the path. I assume there is some sort of option when configuring OpenSSL to set that path, but while unlikely, it may be hard coded... Thanks! iordan -- The conscious mind has only one thread of execution. _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel