Allow the CA certificate to come from the user's home directory or from the global location independently of the client certificate/key pair. Mostly for the case when each user on a system has their own cert/key pair but the system as a whole shares the same CA. Signed-off-by: Doug Goldstein <cardoe(a)gentoo.org&gt; ---  src/remote/remote_driver.c |   19 ++++++++++++-------  1 files changed, 12 insertions(+), 7 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 4c3bdf3..9965d38 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -1222,21 +1222,26 @@ initialize_gnutls(char *pkipath, int flags)                         "clientcert.pem")) < 0)             goto out_of_memory; -        /* Use default location as long as one of CA certificate, +        /* Use the default location of the CA certificate if it +         * cannot be found in $HOME/.pki/libvirt +         */ +        if (!virFileExists(libvirt_cacert)) { +            VIR_FREE(libvirt_cacert); + +            libvirt_cacert = strdup(LIBVIRT_CACERT); +            if (!libvirt_cacert) goto out_of_memory; +        } + +        /* Use default location as long as one of          * client key, and client certificate cannot be found in          * $HOME/.pki/libvirt, we don't want to make user confused          * with one file is here, the other is there.          */ -        if (!virFileExists(libvirt_cacert) || -            !virFileExists(libvirt_clientkey) || +        if (!virFileExists(libvirt_clientkey) ||             !virFileExists(libvirt_clientcert)) { -            VIR_FREE(libvirt_cacert);             VIR_FREE(libvirt_clientkey);             VIR_FREE(libvirt_clientcert); -            libvirt_cacert = strdup(LIBVIRT_CACERT); -            if (!libvirt_cacert) goto out_of_memory; -             libvirt_clientkey = strdup(LIBVIRT_CLIENTKEY);             if (!libvirt_clientkey) goto out_of_memory; -- 1.7.5.rc3