Only explicitly load the default CA file on OpenBSD

weechat-hashes
C. McEnroe 2021-06-10 15:23:33 -04:00
parent 552cd49833
commit 0b4004c202
1 changed files with 5 additions and 0 deletions

5
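--- a/irc.c
+++ b/irc.c
@@ -71,11 +71,16 @@ void ircConfig(
 if (error) errx(EX_NOINPUT, "%s: %s", trust, tls_config_error(config));
 }
+// Explicitly load the default CA cert file on OpenBSD now so it doesn't
+// need to be unveiled. Other systems might use a CA directory, so avoid
+// changing the default behavior.
+#ifdef __OpenBSD__
 if (!insecure && !trust) {
 const char *ca = tls_default_ca_cert_file();
 error = tls_config_set_ca_file(config, ca);
 if (error) errx(EX_OSFILE, "%s: %s", ca, tls_config_error(config));
 }
+#endif
 if (cert) {
 const char *dirs = NULL;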
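Review bot: With the `#ifdef __OpenBSD__` guard around the `if (!insecure && !trust)` block, non-OpenBSD builds no longer read the trust store inside ircConfig, so a missing or unreadable CA bundle is not caught by the `errx(EX_OSFILE, ...)` here. It would only surface when the TLS library loads its defaults later, presumably at configure or handshake time, which this hunk does not show. The new comment should also state the ordering it relies on, for example `// Must run before unveil(2) is applied: the CA file is read here, not at connect time.` If this block were moved after the sandbox setup, certificate verification would fail closed, but the cause would be hard to trace. ircConfig begins and ends outside the hunk, so where the sandbox calls sit relative to it cannot be confirmed from here.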