about summary refs log tree commit diff
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2021-06-10 15:23:33 -0400
committerJune McEnroe <june@causal.agency>2021-06-10 15:23:33 -0400
commit0b4004c202283565a9e90fd03df3d17bd53a5393 (patch)
tree3750dc0c2ef0c7349117eff6ddef2f7000838544
parentOpenBSD: Drop now unneeded promise from initial pledge (diff)
downloadcatgirl-0b4004c202283565a9e90fd03df3d17bd53a5393.tar.gz
catgirl-0b4004c202283565a9e90fd03df3d17bd53a5393.zip
Only explicitly load the default CA file on OpenBSD
-rw-r--r--irc.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/irc.c b/irc.c
index 720e1ce..166d4ed 100644
--- a/irc.c
+++ b/irc.c
@@ -71,11 +71,16 @@ void ircConfig(
 		if (error) errx(EX_NOINPUT, "%s: %s", trust, tls_config_error(config));
 	}
 
+	// Explicitly load the default CA cert file on OpenBSD now so it doesn't
+	// need to be unveiled. Other systems might use a CA directory, so avoid
+	// changing the default behavior.
+#ifdef __OpenBSD__
 	if (!insecure && !trust) {
 		const char *ca = tls_default_ca_cert_file();
 		error = tls_config_set_ca_file(config, ca);
 		if (error) errx(EX_OSFILE, "%s: %s", ca, tls_config_error(config));
 	}
+#endif
 
 	if (cert) {
 		const char *dirs = NULL;