diff options
| author | June McEnroe <june@causal.agency> | 2021-06-10 15:23:33 -0400 |
|---|---|---|
| committer | June McEnroe <june@causal.agency> | 2021-06-10 15:23:33 -0400 |
| commit | 0b4004c202283565a9e90fd03df3d17bd53a5393 (patch) | |
| tree | 3750dc0c2ef0c7349117eff6ddef2f7000838544 | |
| parent | OpenBSD: Drop now unneeded promise from initial pledge (diff) | |
| download | catgirl-0b4004c202283565a9e90fd03df3d17bd53a5393.tar.gz catgirl-0b4004c202283565a9e90fd03df3d17bd53a5393.zip | |
Only explicitly load the default CA file on OpenBSD
| -rw-r--r-- | irc.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/irc.c b/irc.c index 720e1ce..166d4ed 100644 --- a/irc.c +++ b/irc.c @@ -71,11 +71,16 @@ void ircConfig( if (error) errx(EX_NOINPUT, "%s: %s", trust, tls_config_error(config)); } + // Explicitly load the default CA cert file on OpenBSD now so it doesn't + // need to be unveiled. Other systems might use a CA directory, so avoid + // changing the default behavior. +#ifdef __OpenBSD__ if (!insecure && !trust) { const char *ca = tls_default_ca_cert_file(); error = tls_config_set_ca_file(config, ca); if (error) errx(EX_OSFILE, "%s: %s", ca, tls_config_error(config)); } +#endif if (cert) { const char *dirs = NULL; |