summary refs log tree commit diff
path: root/scripts/chroot-prompt.sh
diff options
context:
space:
mode:
authorKlemens Nanni <klemens@posteo.de>2021-06-10 01:32:09 +0000
committerJune McEnroe <june@causal.agency>2021-06-10 14:44:35 -0400
commit171a56ee2dcb18050edbcfaf62c121d35d06d43f (patch)
treed3c98f16a04ad4388c9b268ea5cddf44ba38f3ac /scripts/chroot-prompt.sh
parentAvoid creating out-of-bounds pointer when checking for seprintf truncation (diff)
downloadcatgirl-171a56ee2dcb18050edbcfaf62c121d35d06d43f.tar.gz
catgirl-171a56ee2dcb18050edbcfaf62c121d35d06d43f.zip
Hoist loading default root certificates into ircConfig()
tls_connect_socket(3) in ircConnect() does that by default already
unless tls_config_set_ca_file(3) was used.

Loading CA certificates before connecting makes no practical difference
except on OpenBSD where this allows for tighter unveil und pledge setups
now that all required (TLS related) file I/O is finished by the time
ircConnect() gets to do network I/O.

In case of the hidden `-!' insecure flag which is implied by `-o' to
print server certificates and exit, loading root certificates is not
required at all;  likewise, using explicit self signed server
certificates will not involve certificate authorities either, hence load
them only if needed.
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions