On St, 2013-09-18 at 15:24 +0200, Christophe Fergeau wrote:
> On Wed, Sep 18, 2013 at 02:11:20PM +0100, Daniel P. Berrange wrote:
> > For SPICE though, users are pretty unlikely to be purchasing certs
> > from the commercial CA (protection racket) vendors. They'll almost
> > certainly be using thei
On Wed, Sep 18, 2013 at 03:24:36PM +0200, Christophe Fergeau wrote:
> On Wed, Sep 18, 2013 at 02:11:20PM +0100, Daniel P. Berrange wrote:
> > For SPICE though, users are pretty unlikely to be purchasing certs
> > from the commercial CA (protection racket) vendors. They'll almost
> > certainly be us
On Wed, Sep 18, 2013 at 02:11:20PM +0100, Daniel P. Berrange wrote:
> For SPICE though, users are pretty unlikely to be purchasing certs
> from the commercial CA (protection racket) vendors. They'll almost
> certainly be using their own internal CA.
>
> The question is, would they be likely to ap
On Wed, Sep 18, 2013 at 03:03:57PM +0200, Marc-André Lureau wrote:
> >> -if (ca_file != NULL) {
> >> -int rc = SSL_CTX_load_verify_locations(c->ctx, ca_file, NULL);
> >> -if (rc != 1)
> >> -g_warning("loading ca certs from %s failed", ca_file);
> >> -else
> >
On Wed, Sep 18, 2013 at 02:40:52PM +0200, Christophe Fergeau wrote:
> Currently, spice-gtk will look in $HOME/.spicec/spice_truststore.pem
> by default for its trust certificate store (to verify the certificates
> used during SPICE TLS connections). However, these days a system-wide
> trust store c
On Wed, Sep 18, 2013 at 03:01:56PM +0200, Marc-André Lureau wrote:
> On Wed, Sep 18, 2013 at 2:40 PM, Christophe Fergeau
> wrote:
> > Currently, spice-gtk will look in $HOME/.spicec/spice_truststore.pem
> > by default for its trust certificate store (to verify the certificates
> > used during SPI
On Wed, Sep 18, 2013 at 3:01 PM, Marc-André Lureau
wrote:
> On Wed, Sep 18, 2013 at 2:40 PM, Christophe Fergeau
> wrote:
>> Currently, spice-gtk will look in $HOME/.spicec/spice_truststore.pem
>> by default for its trust certificate store (to verify the certificates
>> used during SPICE TLS conn
On Wed, Sep 18, 2013 at 2:40 PM, Christophe Fergeau wrote:
> Currently, spice-gtk will look in $HOME/.spicec/spice_truststore.pem
> by default for its trust certificate store (to verify the certificates
> used during SPICE TLS connections). However, these days a system-wide
> trust store can be fo
On Wed, Sep 18, 2013 at 02:40:52PM +0200, Christophe Fergeau wrote:
> diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
> index b01b820..ab07453 100644
> --- a/gtk/spice-channel.c
> +++ b/gtk/spice-channel.c
> @@ -2159,6 +2159,7 @@ static int spice_channel_load_ca(SpiceChannel *channel)
>
Currently, spice-gtk will look in $HOME/.spicec/spice_truststore.pem
by default for its trust certificate store (to verify the certificates
used during SPICE TLS connections). However, these days a system-wide
trust store can be found in /etc/pki or /etc/ssl.
This commit checks at compile time wher
10 matches
Mail list logo
