1 files changed, 9 insertions, 2 deletions

diff --git a/src/core/security/security_context.c b/src/core/security/security_context.c
index f9fb2407cf..37a312bc81 100644
--- a/src/core/security/security_context.c
+++ b/src/core/security/security_context.c
@@ -60,6 +60,12 @@
   "AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-"  \
   "SHA256:AES256-SHA256"
 
+#ifndef INSTALL_PREFIX
+static const char *installed_roots_path = "/etc/grpc/roots.pem";
+#else
+static const char *installed_roots_path = INSTALL_PREFIX "/etc/grpc/roots.pem";
+#endif
+
 /* -- Common methods. -- */
 
 grpc_security_status grpc_security_context_create_handshaker(
@@ -404,9 +410,10 @@ static void init_default_pem_root_certs(void) {
     default_pem_root_certs = gpr_load_file(default_root_certs_path, NULL);
     gpr_free(default_root_certs_path);
   }
+  (void) installed_roots_path;
 }
 
-static size_t get_default_pem_roots(const unsigned char **pem_root_certs) {
+size_t grpc_get_default_ssl_roots(const unsigned char **pem_root_certs) {
   /* TODO(jboeuf@google.com): Maybe revisit the approach which consists in
      loading all the roots once for the lifetime of the process. */
   static gpr_once once = GPR_ONCE_INIT;
@@ -460,7 +467,7 @@ grpc_security_status grpc_ssl_channel_security_context_create(
     c->overridden_target_name = gpr_strdup(overridden_target_name);
   }
   if (config->pem_root_certs == NULL) {
-    pem_root_certs_size = get_default_pem_roots(&pem_root_certs);
+    pem_root_certs_size = grpc_get_default_ssl_roots(&pem_root_certs);
     if (pem_root_certs == NULL || pem_root_certs_size == 0) {
       gpr_log(GPR_ERROR, "Could not get default pem root certs.");
       goto error;