expose the default cert file as a function, not a define. it's really

an internal detail of the library, so the string should live inside it,
not in the application code.
ok jsing

1 files changed, 3 insertions, 3 deletions

diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index 1b2d2c954c..560809ee19 100644
--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.54 2018/11/06 20:34:54 jsing Exp $ */
+/* $OpenBSD: tls.h,v 1.55 2018/11/29 14:24:23 tedu Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -29,8 +29,6 @@ extern "C" {
 
 #define TLS_API 20180210
 
-#define TLS_CA_CERT_FILE        "/etc/ssl/cert.pem"
-
 #define TLS_PROTOCOL_TLSv1_0    (1 << 1)
 #define TLS_PROTOCOL_TLSv1_1    (1 << 2)
 #define TLS_PROTOCOL_TLSv1_2    (1 << 3)
@@ -87,6 +85,8 @@ const char *tls_error(struct tls *_ctx);
 struct tls_config *tls_config_new(void);
 void tls_config_free(struct tls_config *_config);
 
+const char *tls_default_ca_cert_file(void);
+
 int tls_config_add_keypair_file(struct tls_config *_config,
     const char *_cert_file, const char *_key_file);
 int tls_config_add_keypair_mem(struct tls_config *_config, const uint8_t *_cert,