From 3703d3770e024331033dcfe7bf68c9e60eaa9cec Mon Sep 17 00:00:00 2001
From: Alex Vakulenko <avakulenko@google.com>
Date: Wed, 19 Aug 2015 12:02:02 -0700
Subject: libchromeos: Fix the CA store path

The certificates are stored at /system/etc/security/cacerts on Brillo

BUG: 23352819
Change-Id: I0ed8a084bb8597671fffd33b03f3d5b5dc01f52c
---
 chromeos/http/http_transport_curl.cc | 9 +++++++--
 chromeos/streams/tls_stream.cc       | 9 +++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/chromeos/http/http_transport_curl.cc b/chromeos/http/http_transport_curl.cc
index af601c4..5a3e207 100644
--- a/chromeos/http/http_transport_curl.cc
+++ b/chromeos/http/http_transport_curl.cc
@@ -15,7 +15,12 @@
 
 namespace {
 
-const char kChromeOSCACertificatePath[] = "/usr/share/chromeos-ca-certificates";
+const char kCACertificatePath[] =
+#ifdef __ANDROID__
+    "/system/etc/security/cacerts";
+#else
+    "/usr/share/chromeos-ca-certificates";
+#endif
 
 }  // namespace
 
@@ -132,7 +137,7 @@ std::shared_ptr<http::Connection> Transport::CreateConnection(
 
   if (code == CURLE_OK) {
     code = curl_interface_->EasySetOptStr(curl_handle, CURLOPT_CAPATH,
-                                          kChromeOSCACertificatePath);
+                                          kCACertificatePath);
   }
   if (code == CURLE_OK) {
     code =
diff --git a/chromeos/streams/tls_stream.cc b/chromeos/streams/tls_stream.cc
index 8c3c2ee..6dc5ef5 100644
--- a/chromeos/streams/tls_stream.cc
+++ b/chromeos/streams/tls_stream.cc
@@ -56,7 +56,12 @@ void TlsInfoCallback(const SSL *ssl, int where, int ret) {
 int ssl_ctx_private_data_index = -1;
 
 // Default trusted certificate store location.
-const char kChromeOSCACertificatePath[] = "/usr/share/chromeos-ca-certificates";
+const char kCACertificatePath[] =
+#ifdef __ANDROID__
+    "/system/etc/security/cacerts";
+#else
+    "/usr/share/chromeos-ca-certificates";
+#endif
 
 }  // anonymous namespace
 
@@ -351,7 +356,7 @@ bool TlsStream::TlsStreamImpl::Init(StreamPtr socket,
     return ReportError(error, FROM_HERE, "Cannot set the cipher list");
 
   res = SSL_CTX_load_verify_locations(ctx_.get(), nullptr,
-                                      kChromeOSCACertificatePath);
+                                      kCACertificatePath);
   if (res != 1) {
     return ReportError(error, FROM_HERE,
                        "Failed to specify trusted certificate location");
-- 
cgit v1.2.3