Use CA certificates from standard location in Brillo. Brillo images have all the CA certificates for the whole system in /system/etc/security/cacerts. For update_engine, we would like to accept only a sub-set of those, but we will start by accepting all the installed certs. Bug: 25089263 Test: `mm`, deployed on a -userdebug build and updated Change-Id: Ib05e6ea1c5efb98a6320ce6288842e2277f67b1f

commit: 35b3584ab4041aa32e1d049bd6ddff5941b03df2 [log] [tgz]
author: Alex Deymo <deymo@google.com> Tue Oct 20 11:21:56 2015 -0700
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Oct 20 20:52:03 2015 +0000
tree: 3c5a3a2ba44af82cf0ba6b86089bcce5706db3ed
parent: 6eddf26ce30989c0f4812b3b9de17760a40fdea7 [diff] [blame]
diff --git a/platform_constants.h b/platform_constants.h
index 189d134..310eed9 100644
--- a/platform_constants.h
+++ b/platform_constants.h

@@ -38,6 +38,11 @@
 // whole payload.
 extern const char kUpdatePayloadPublicKeyPath[];
 
+// Path to the directory containing all the SSL certificates accepted by
+// update_engine when sending requests to Omaha and the download server (if
+// HTTPS is used for that as well).
+extern const char kCACertificatesPath[];
+
 // Path to the file used to notify chrome about the deadline of the last omaha
 // response. Empty if not supported.
 extern const char kOmahaResponseDeadlineFile[];
commit	35b3584ab4041aa32e1d049bd6ddff5941b03df2	[log] [tgz]
author	Alex Deymo <deymo@google.com>	Tue Oct 20 11:21:56 2015 -0700
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Oct 20 20:52:03 2015 +0000
tree	3c5a3a2ba44af82cf0ba6b86089bcce5706db3ed
parent	6eddf26ce30989c0f4812b3b9de17760a40fdea7 [diff] [blame]