Only explicitly load the default CA file on OpenBSD
parent
552cd49833
commit
0b4004c202
5
irc.c
5
irc.c
|
@ -71,11 +71,16 @@ void ircConfig(
|
|||
if (error) errx(EX_NOINPUT, "%s: %s", trust, tls_config_error(config));
|
||||
}
|
||||
|
||||
// Explicitly load the default CA cert file on OpenBSD now so it doesn't
|
||||
// need to be unveiled. Other systems might use a CA directory, so avoid
|
||||
// changing the default behavior.
|
||||
#ifdef __OpenBSD__
|
||||
if (!insecure && !trust) {
|
||||
const char *ca = tls_default_ca_cert_file();
|
||||
error = tls_config_set_ca_file(config, ca);
|
||||
if (error) errx(EX_OSFILE, "%s: %s", ca, tls_config_error(config));
|
||||
}
|
||||
#endif
|
||||
|
||||
if (cert) {
|
||||
const char *dirs = NULL;
|
||||
|
|
Loading…
Reference in New Issue