On Wed, Sep 18, 2013 at 03:01:56PM +0200, Marc-André Lureau wrote: > On Wed, Sep 18, 2013 at 2:40 PM, Christophe Fergeau <cferg...@redhat.com> > wrote: > > Currently, spice-gtk will look in $HOME/.spicec/spice_truststore.pem > > by default for its trust certificate store (to verify the certificates > > used during SPICE TLS connections). However, these days a system-wide > > trust store can be found in /etc/pki or /etc/ssl. > > This commit checks at compile time where the trust store is located, > > and then loads it before loading the user-specified trust store. > > This can be disabled at compile time using --without-ca-certificates. > > Is it really a good idea to "guess" the location of the trust store?
This is how it's done in glib-networking, imo it's fine, I don't really see someone deciding to put a in /etc/pki or /etc/ssl with a generic name and then complaining that this had side effects. Christophe
pgp4fFh7Vc8Hq.pgp
Description: PGP signature
_______________________________________________ Spice-devel mailing list Spice-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/spice-devel
