Only explicitly load the default CA file on OpenBSD

master
C. McEnroe 2021-06-10 15:23:33 -04:00
parent 552cd49833
commit 0b4004c202
1 changed files with 5 additions and 0 deletions

5
irc.c
View File

@ -71,11 +71,16 @@ void ircConfig(
if (error) errx(EX_NOINPUT, "%s: %s", trust, tls_config_error(config));
}
// Explicitly load the default CA cert file on OpenBSD now so it doesn't
// need to be unveiled. Other systems might use a CA directory, so avoid
// changing the default behavior.
#ifdef __OpenBSD__
if (!insecure && !trust) {
const char *ca = tls_default_ca_cert_file();
error = tls_config_set_ca_file(config, ca);
if (error) errx(EX_OSFILE, "%s: %s", ca, tls_config_error(config));
}
#endif
if (cert) {
const char *dirs = NULL;