diff options
author | Klemens Nanni <klemens@posteo.de> | 2021-06-10 01:32:09 +0000 |
---|---|---|
committer | June McEnroe <june@causal.agency> | 2021-06-10 14:44:35 -0400 |
commit | 171a56ee2dcb18050edbcfaf62c121d35d06d43f (patch) | |
tree | d3c98f16a04ad4388c9b268ea5cddf44ba38f3ac /scripts/sandman.m | |
parent | Avoid creating out-of-bounds pointer when checking for seprintf truncation (diff) | |
download | catgirl-171a56ee2dcb18050edbcfaf62c121d35d06d43f.tar.gz catgirl-171a56ee2dcb18050edbcfaf62c121d35d06d43f.zip |
Hoist loading default root certificates into ircConfig()
tls_connect_socket(3) in ircConnect() does that by default already unless tls_config_set_ca_file(3) was used. Loading CA certificates before connecting makes no practical difference except on OpenBSD where this allows for tighter unveil und pledge setups now that all required (TLS related) file I/O is finished by the time ircConnect() gets to do network I/O. In case of the hidden `-!' insecure flag which is implied by `-o' to print server certificates and exit, loading root certificates is not required at all; likewise, using explicit self signed server certificates will not involve certificate authorities either, hence load them only if needed.
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions