From fd25347db80b1fd9a198283b5d3e3a953fd2e011 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 6 Nov 2018 20:41:11 +0000
Subject: Use TLS_CA_CERT_FILE instead of a separate define.

ok beck@ bluhm@ tb@
---
 src/usr.bin/nc/netcat.c       | 5 ++---
 src/usr.sbin/ocspcheck/http.c | 6 ++----
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c
index 9ce2b6bb7a..9c19049d59 100644
--- a/src/usr.bin/nc/netcat.c
+++ b/src/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.196 2018/10/26 07:19:26 dlg Exp $ */
+/* $OpenBSD: netcat.c,v 1.197 2018/11/06 20:39:19 jsing Exp $ */
 /*
  * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
  * Copyright (c) 2015 Bob Beck.  All rights reserved.
@@ -66,7 +66,6 @@
 #define POLL_NETIN	2
 #define POLL_STDOUT	3
 #define BUFSIZE		16384
-#define DEFAULT_CA_FILE	"/etc/ssl/cert.pem"
 
 #define TLS_NOVERIFY	(1 << 1)
 #define TLS_NONAME	(1 << 2)
@@ -101,7 +100,7 @@ int	usetls;					/* use TLS */
 char    *Cflag;					/* Public cert file */
 char    *Kflag;					/* Private key file */
 char    *oflag;					/* OCSP stapling file */
-char    *Rflag = DEFAULT_CA_FILE;		/* Root CA file */
+char    *Rflag = TLS_CA_CERT_FILE;		/* Root CA file */
 int	tls_cachanged;				/* Using non-default CA file */
 int     TLSopt;					/* TLS options */
 char	*tls_expectname;			/* required name in peer cert */
diff --git a/src/usr.sbin/ocspcheck/http.c b/src/usr.sbin/ocspcheck/http.c
index 6830bacaec..ce479f27ef 100644
--- a/src/usr.sbin/ocspcheck/http.c
+++ b/src/usr.sbin/ocspcheck/http.c
@@ -1,4 +1,4 @@
-/*	$Id: http.c,v 1.9 2017/03/26 18:41:02 deraadt Exp $ */
+/*	$Id: http.c,v 1.10 2018/11/06 20:41:11 jsing Exp $ */
 /*
  * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -35,8 +35,6 @@
 #include "http.h"
 #include <tls.h>
 
-#define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
-
 /*
  * A buffer for transferring HTTP/S data.
  */
@@ -137,7 +135,7 @@ http_init()
 		goto err;
 	}
 
-	if (tls_config_set_ca_file(tlscfg, DEFAULT_CA_FILE) == -1) {
+	if (tls_config_set_ca_file(tlscfg, TLS_CA_CERT_FILE) == -1) {
 		warn("tls_config_set_ca_file: %s", tls_config_error(tlscfg));
 		goto err;
 	}
-- 
cgit v1.2.3-55-g6feb