From 0b4004c202283565a9e90fd03df3d17bd53a5393 Mon Sep 17 00:00:00 2001
From: "C. McEnroe"
Date: Thu, 10 Jun 2021 15:23:33 -0400
Subject: Only explicitly load the default CA file on OpenBSD
---
 irc.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/irc.c b/irc.c
index 720e1ce..166d4ed 100644
--- a/irc.c
+++ b/irc.c
@@ -71,11 +71,16 @@ void ircConfig(
 if (error) errx(EX_NOINPUT, "%s: %s", trust, tls_config_error(config));
 }
+ // Explicitly load the default CA cert file on OpenBSD now so it doesn't
+ // need to be unveiled. Other systems might use a CA directory, so avoid
+ // changing the default behavior.
+#ifdef __OpenBSD__
 if (!insecure && !trust) {
 const char *ca = tls_default_ca_cert_file();
 error = tls_config_set_ca_file(config, ca);
 if (error) errx(EX_OSFILE, "%s: %s", ca, tls_config_error(config));
 }
+#endif
 if (cert) {
 const char *dirs = NULL;
--
cgit 1.4.1
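Review bot: The comment added above `#ifdef __OpenBSD__` says the CA file is loaded "now" but never states the ordering it relies on, which is that this block has to run before the process calls unveil(2). The unveil call is not in this hunk, so that ordering is inferred from the comment; if the sandbox setup is ever moved ahead of ircConfig, `tls_config_set_ca_file` would fail with EX_OSFILE at startup on OpenBSD only, and nothing here tells a maintainer why. I would add a line such as `// Must stay ahead of unveil(2): the CA file is read here, not at connect time.` It is also worth noting in the same comment that outside the guard the trust store is left to libtls's own default lookup, so a missing or unreadable store on other systems will presumably surface later, during configure or handshake, rather than at this point. ircConfig begins and ends outside the hunk.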