commit 35b3584ab4041aa32e1d049bd6ddff5941b03df2
author Alex Deymo <deymo@google.com> Tue Oct 20 11:21:56 2015 -0700
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Oct 20 20:52:03 2015 +0000
tree 3c5a3a2ba44af82cf0ba6b86089bcce5706db3ed
parent 6eddf26ce30989c0f4812b3b9de17760a40fdea7

Use CA certificates from standard location in Brillo.

Brillo images have all the CA certificates for the whole system in
/system/etc/security/cacerts. For update_engine, we would like to
accept only a sub-set of those, but we will start by accepting all
the installed certs.

Bug: 25089263
Test: `mm`, deployed on a -userdebug build and updated

Change-Id: Ib05e6ea1c5efb98a6320ce6288842e2277f67b1f

libcurl_http_fetcher.cc

diff --git a/libcurl_http_fetcher.cc b/libcurl_http_fetcher.cc
index 8a3fd3b..5253214 100644
--- a/libcurl_http_fetcher.cc
+++ b/libcurl_http_fetcher.cc
@@ -28,6 +28,7 @@
 
 #include "update_engine/certificate_checker.h"
 #include "update_engine/hardware_interface.h"
+#include "update_engine/platform_constants.h"
 
 using base::TimeDelta;
 using brillo::MessageLoop;
@@ -41,7 +42,6 @@
 
 namespace {
 const int kNoNetworkRetrySeconds = 10;
-const char kCACertificatesPath[] = "/usr/share/chromeos-ca-certificates";
 }  // namespace
 
 LibcurlHttpFetcher::~LibcurlHttpFetcher() {
@@ -212,7 +212,8 @@
   LOG(INFO) << "Setting up curl options for HTTPS";
   CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_SSL_VERIFYPEER, 1),
            CURLE_OK);
-  CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_CAPATH, kCACertificatesPath),
+  CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_CAPATH,
+                            constants::kCACertificatesPath),
            CURLE_OK);
   CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS),
            CURLE_OK);