diff options
| author | C. McEnroe | 2021-06-10 15:23:33 -0400 |
|---|---|---|
| committer | C. McEnroe | 2021-06-10 15:23:33 -0400 |
| commit | 0b4004c202283565a9e90fd03df3d17bd53a5393 (patch) | |
| tree | 3750dc0c2ef0c7349117eff6ddef2f7000838544 | |
| parent | 552cd498334260616aada17372a96de98abc9dc1 (diff) | |
Only explicitly load the default CA file on OpenBSD
| -rw-r--r-- | irc.c | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -71,11 +71,16 @@ void ircConfig( if (error) errx(EX_NOINPUT, "%s: %s", trust, tls_config_error(config)); } + // Explicitly load the default CA cert file on OpenBSD now so it doesn't + // need to be unveiled. Other systems might use a CA directory, so avoid + // changing the default behavior. +#ifdef __OpenBSD__ if (!insecure && !trust) { const char *ca = tls_default_ca_cert_file(); error = tls_config_set_ca_file(config, ca); if (error) errx(EX_OSFILE, "%s: %s", ca, tls_config_error(config)); } +#endif if (cert) { const char *dirs = NULL; |