authorjsing <>2018-11-06 20:34:54 +0000
committerjsing <>2018-11-06 20:34:54 +0000
commitdb941a1cfe2e8232c86adf98026bc75fdcce8760 (patch)
tree904f13b7efbaf987abda0a6dc30c16f43ec640f0
parent787819c8956c948e042a0e279bdb1f9a95862f33 (diff)
Define TLS_CA_CERT_FILE rather than having every application create their
own define for /etc/ssl/cert.pem. ok beck@ bluhm@ tb@
-rw-r--r--src/lib/libtls/tls.c4
-rw-r--r--src/lib/libtls/tls.h4
-rw-r--r--src/lib/libtls/tls_internal.h4
3 files changed, 6 insertions, 6 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index 6033e846ba..4362c60c80 100644
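--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.80 2018/04/07 16:30:59 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.81 2018/11/06 20:34:54 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -501,7 +501,7 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
 
  /* If no CA has been specified, attempt to load the default. */
  if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) {
- if (tls_config_load_file(&ctx->error, "CA", _PATH_SSL_CA_FILE,
+ if (tls_config_load_file(&ctx->error, "CA", TLS_CA_CERT_FILE,
  &ca_mem, &ca_len) != 0)
  goto err;
  ca_free = ca_mem;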
diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index 9f5379e65e..1b2d2c954c 100644
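--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.53 2018/02/10 04:58:08 jsing Exp $ */
+/* $OpenBSD: tls.h,v 1.54 2018/11/06 20:34:54 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -29,6 +29,8 @@ extern "C" {
 
 #define TLS_API 20180210
 
+#define TLS_CA_CERT_FILE "/etc/ssl/cert.pem"
+
 #define TLS_PROTOCOL_TLSv1_0 (1 << 1)
 #define TLS_PROTOCOL_TLSv1_1 (1 << 2)
 #define TLS_PROTOCOL_TLSv1_2 (1 << 3)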
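Review bot: The new public `TLS_CA_CERT_FILE` define carries no comment, although it names the trust-anchor bundle that `tls_configure_ssl_verify()` in tls.c loads when both `ca_mem` and `ca_path` are NULL. I would add `/* Default CA bundle, loaded when no CA has been configured. */` above it so that callers know it is the library's fallback and not just a convenience string. Since the path is now compiled into every application that uses the macro, a libtls built with a different bundle location would presumably disagree with its callers, which is worth stating in the same comment or the manual. `TLS_API` stays at 20180210 in the context line, so code that needs to detect the macro has to test `#ifdef TLS_CA_CERT_FILE`.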
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index b236204e81..e1a858d4de 100644
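--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.72 2018/04/07 16:35:34 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.73 2018/11/06 20:34:54 jsing Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -26,8 +26,6 @@
 
 __BEGIN_HIDDEN_DECLS
 
-#define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem"
-
 #define TLS_CIPHERS_DEFAULT "TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
 #define TLS_CIPHERS_COMPAT "HIGH:!aNULL"
 #define TLS_CIPHERS_LEGACY "HIGH:MEDIUM:!aNULL"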