From 5f08effe8d3a6601a2f55a020ef051bef28cf946 Mon Sep 17 00:00:00 2001
From: tedu <>
Date: Thu, 29 Nov 2018 14:25:07 +0000
Subject: update for libtls default cert changes. bonus: this exposed a few
 missing const qualifiers.

---
 src/usr.bin/nc/netcat.c       | 11 ++++++-----
 src/usr.sbin/ocspcheck/http.c |  4 ++--
 2 files changed, 8 insertions(+), 7 deletions(-)

(limited to 'src')

diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c
index f5045013aa..e0966f1952 100644
--- a/src/usr.bin/nc/netcat.c
+++ b/src/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.198 2018/11/09 04:05:14 bluhm Exp $ */
+/* $OpenBSD: netcat.c,v 1.199 2018/11/29 14:25:06 tedu Exp $ */
 /*
  * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
  * Copyright (c) 2015 Bob Beck.  All rights reserved.
@@ -97,10 +97,10 @@ int	Tflag = -1;				/* IP Type of Service */
 int	rtableid = -1;
 
 int	usetls;					/* use TLS */
-char    *Cflag;					/* Public cert file */
-char    *Kflag;					/* Private key file */
-char    *oflag;					/* OCSP stapling file */
-char    *Rflag = TLS_CA_CERT_FILE;		/* Root CA file */
+const char    *Cflag;				/* Public cert file */
+const char    *Kflag;				/* Private key file */
+const char    *oflag;				/* OCSP stapling file */
+const char    *Rflag;				/* Root CA file */
 int	tls_cachanged;				/* Using non-default CA file */
 int     TLSopt;					/* TLS options */
 char	*tls_expectname;			/* required name in peer cert */
@@ -167,6 +167,7 @@ main(int argc, char *argv[])
 	host = NULL;
 	uport = NULL;
 	sv = NULL;
+	Rflag = tls_default_ca_cert_file();
 
 	signal(SIGPIPE, SIG_IGN);
 
diff --git a/src/usr.sbin/ocspcheck/http.c b/src/usr.sbin/ocspcheck/http.c
index ce479f27ef..5c914a4857 100644
--- a/src/usr.sbin/ocspcheck/http.c
+++ b/src/usr.sbin/ocspcheck/http.c
@@ -1,4 +1,4 @@
-/*	$Id: http.c,v 1.10 2018/11/06 20:41:11 jsing Exp $ */
+/*	$Id: http.c,v 1.11 2018/11/29 14:25:07 tedu Exp $ */
 /*
  * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -135,7 +135,7 @@ http_init()
 		goto err;
 	}
 
-	if (tls_config_set_ca_file(tlscfg, TLS_CA_CERT_FILE) == -1) {
+	if (tls_config_set_ca_file(tlscfg, tls_default_ca_cert_file()) == -1) {
 		warn("tls_config_set_ca_file: %s", tls_config_error(tlscfg));
 		goto err;
 	}
-- 
cgit v1.2.3-55-g6feb