expose the default cert file as a function, not a define. it's really

an internal detail of the library, so the string should live inside it, not in the application code. ok jsing
author: tedu <> 2018-11-29 14:24:23 +0000
committer: tedu <> 2018-11-29 14:24:23 +0000
commit: 6dee83d0efd9b6a0e45f73737efb9078aafbdd15 (patch)
tree: ec4788d4ef28ebf5ffa8baf3093f4d98017df946 /src/lib/libtls/tls.c
parent: 1604e1fa73583347fa0b8735c9f9485428eba1b5 (diff)
download: openbsd-6dee83d0efd9b6a0e45f73737efb9078aafbdd15.tar.gz
openbsd-6dee83d0efd9b6a0e45f73737efb9078aafbdd15.tar.bz2
openbsd-6dee83d0efd9b6a0e45f73737efb9078aafbdd15.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index 4362c60c80..bf1d9da81e 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.81 2018/11/06 20:34:54 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.82 2018/11/29 14:24:23 tedu Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -501,7 +501,7 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
        /* If no CA has been specified, attempt to load the default. */
        if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) {
-                if (tls_config_load_file(&ctx->error, "CA", TLS_CA_CERT_FILE,
+                if (tls_config_load_file(&ctx->error, "CA", tls_default_ca_cert_file(),
                    &ca_mem, &ca_len) != 0)
                        goto err;
                ca_free = ca_mem;
author	tedu <>	2018-11-29 14:24:23 +0000
committer	tedu <>	2018-11-29 14:24:23 +0000
commit	6dee83d0efd9b6a0e45f73737efb9078aafbdd15 (patch)
tree	ec4788d4ef28ebf5ffa8baf3093f4d98017df946 /src/lib/libtls/tls.c
parent	1604e1fa73583347fa0b8735c9f9485428eba1b5 (diff)
download	openbsd-6dee83d0efd9b6a0e45f73737efb9078aafbdd15.tar.gz openbsd-6dee83d0efd9b6a0e45f73737efb9078aafbdd15.tar.bz2 openbsd-6dee83d0efd9b6a0e45f73737efb9078aafbdd15.zip

diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c index 4362c60c80..bf1d9da81e 100644 --- a/src/lib/libtls/tls.c +++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls.c,v 1.81 2018/11/06 20:34:54 jsing Exp $ */	1	/* $OpenBSD: tls.c,v 1.82 2018/11/29 14:24:23 tedu Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -501,7 +501,7 @@ tls_configure_ssl_verify(struct tls ctx, SSL_CTX ssl_ctx, int verify)
501		501
502	/* If no CA has been specified, attempt to load the default. */	502	/* If no CA has been specified, attempt to load the default. */
503	if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) {	503	if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) {
504	if (tls_config_load_file(&ctx->error, "CA", TLS_CA_CERT_FILE,	504	if (tls_config_load_file(&ctx->error, "CA", tls_default_ca_cert_file(),
505	&ca_mem, &ca_len) != 0)	505	&ca_mem, &ca_len) != 0)
506	goto err;	506	goto err;
507	ca_free = ca_mem;	507	ca_free = ca_mem;