From db941a1cfe2e8232c86adf98026bc75fdcce8760 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 6 Nov 2018 20:34:54 +0000
Subject: Define TLS_CA_CERT_FILE rather than having every application create their own define for /etc/ssl/cert.pem.

ok beck@ bluhm@ tb@
---
 src/lib/libtls/tls.c | 4 ++--
 src/lib/libtls/tls.h | 4 +++-
 src/lib/libtls/tls_internal.h | 4 +---
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index 6033e846ba..4362c60c80 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.80 2018/04/07 16:30:59 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.81 2018/11/06 20:34:54 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -501,7 +501,7 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
 /* If no CA has been specified, attempt to load the default. */
 if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) {
- if (tls_config_load_file(&ctx->error, "CA", _PATH_SSL_CA_FILE,
+ if (tls_config_load_file(&ctx->error, "CA", TLS_CA_CERT_FILE,
 &ca_mem, &ca_len) != 0)
 goto err;
 ca_free = ca_mem;
diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index 9f5379e65e..1b2d2c954c 100644
--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.53 2018/02/10 04:58:08 jsing Exp $ */
+/* $OpenBSD: tls.h,v 1.54 2018/11/06 20:34:54 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -29,6 +29,8 @@ extern "C" {
 #define TLS_API 20180210
+#define TLS_CA_CERT_FILE "/etc/ssl/cert.pem"
+
 #define TLS_PROTOCOL_TLSv1_0 (1 << 1)
 #define TLS_PROTOCOL_TLSv1_1 (1 << 2)
 #define TLS_PROTOCOL_TLSv1_2 (1 << 3)
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index b236204e81..e1a858d4de 100644
--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
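Review bot: In tls.h the new public `TLS_CA_CERT_FILE` carries no comment, and because it is a macro every application bakes the path in at build time while tls_configure_ssl_verify() in tls.c uses the library's own compiled-in copy. If the default trust-anchor location ever differs between the header an application was built against and the installed library (a relocated or portable build, for instance), the two would silently disagree on which CA bundle is trusted. I would add a comment above the define such as `/* Default CA bundle, loaded when neither ca_mem nor ca_path is configured. */` and consider also exposing the value through a function so callers get the path the library actually loads. `TLS_API` is unchanged in this hunk, so callers can only detect the new macro with `#ifdef TLS_CA_CERT_FILE`.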
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.72 2018/04/07 16:35:34 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.73 2018/11/06 20:34:54 jsing Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas
 * Copyright (c) 2014 Joel Sing
@@ -26,8 +26,6 @@ __BEGIN_HIDDEN_DECLS
-#define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem"
-
 #define TLS_CIPHERS_DEFAULT "TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
 #define TLS_CIPHERS_COMPAT "HIGH:!aNULL"
 #define TLS_CIPHERS_LEGACY "HIGH:MEDIUM:!aNULL"
-- 
cgit v1.2.3-55-g6feb