diff options
Diffstat (limited to 'src/core/security/security_context.c')
-rw-r--r-- | src/core/security/security_context.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/core/security/security_context.c b/src/core/security/security_context.c index f9fb2407cf..37a312bc81 100644 --- a/src/core/security/security_context.c +++ b/src/core/security/security_context.c @@ -60,6 +60,12 @@ "AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-" \ "SHA256:AES256-SHA256" +#ifndef INSTALL_PREFIX +static const char *installed_roots_path = "/etc/grpc/roots.pem"; +#else +static const char *installed_roots_path = INSTALL_PREFIX "/etc/grpc/roots.pem"; +#endif + /* -- Common methods. -- */ grpc_security_status grpc_security_context_create_handshaker( @@ -404,9 +410,10 @@ static void init_default_pem_root_certs(void) { default_pem_root_certs = gpr_load_file(default_root_certs_path, NULL); gpr_free(default_root_certs_path); } + (void) installed_roots_path; } -static size_t get_default_pem_roots(const unsigned char **pem_root_certs) { +size_t grpc_get_default_ssl_roots(const unsigned char **pem_root_certs) { /* TODO(jboeuf@google.com): Maybe revisit the approach which consists in loading all the roots once for the lifetime of the process. */ static gpr_once once = GPR_ONCE_INIT; @@ -460,7 +467,7 @@ grpc_security_status grpc_ssl_channel_security_context_create( c->overridden_target_name = gpr_strdup(overridden_target_name); } if (config->pem_root_certs == NULL) { - pem_root_certs_size = get_default_pem_roots(&pem_root_certs); + pem_root_certs_size = grpc_get_default_ssl_roots(&pem_root_certs); if (pem_root_certs == NULL || pem_root_certs_size == 0) { gpr_log(GPR_ERROR, "Could not get default pem root certs."); goto error; |