diff options
author | Bertrand SIMONNET <bsimonnet@google.com> | 2015-11-25 15:36:51 -0800 |
---|---|---|
committer | Bertrand SIMONNET <bsimonnet@google.com> | 2015-11-30 10:29:34 -0800 |
commit | bccdc4c4dc25412608064edbfec302e733a28937 (patch) | |
tree | feaf77839d1c5a7392b71cae41bafebe1c92dec9 | |
parent | b6a5c6113b0b7ae947c5a1729d4b9d08287a83e2 (diff) | |
download | platform_external_libbrillo-bccdc4c4dc25412608064edbfec302e733a28937.tar.gz platform_external_libbrillo-bccdc4c4dc25412608064edbfec302e733a28937.tar.bz2 platform_external_libbrillo-bccdc4c4dc25412608064edbfec302e733a28937.zip |
libbrillo: Use the restricted certificates.
Instead of using the default CA certificates, libbrillo should use the
restricted list of certificates installed in
/system/etc/security/cacerts_google.
Bug: 25797832
Test: manual: Enable the verbose mode of libcurl.
* The certificates used are correct.
* POSTing to a google server works.
* POSTing to a CA in the default CA list but not in the restricted
list fails on the certificate verification step.
Test: manual: The ledflasher example works.
Change-Id: If3b836a2fa461ba3103e05c60e5630c8c919d1f3
-rw-r--r-- | brillo/http/http_transport_curl.cc | 2 | ||||
-rw-r--r-- | brillo/streams/tls_stream.cc | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/brillo/http/http_transport_curl.cc b/brillo/http/http_transport_curl.cc index 048429e..e2f314a 100644 --- a/brillo/http/http_transport_curl.cc +++ b/brillo/http/http_transport_curl.cc @@ -17,7 +17,7 @@ namespace { const char kCACertificatePath[] = #ifdef __ANDROID__ - "/system/etc/security/cacerts"; + "/system/etc/security/cacerts_google"; #else "/usr/share/brillo-ca-certificates"; #endif diff --git a/brillo/streams/tls_stream.cc b/brillo/streams/tls_stream.cc index 70d1e13..f82db1a 100644 --- a/brillo/streams/tls_stream.cc +++ b/brillo/streams/tls_stream.cc @@ -58,7 +58,7 @@ int ssl_ctx_private_data_index = -1; // Default trusted certificate store location. const char kCACertificatePath[] = #ifdef __ANDROID__ - "/system/etc/security/cacerts"; + "/system/etc/security/cacerts_google"; #else "/usr/share/chromeos-ca-certificates"; #endif |