author: June McEnroe <june@causal.agency> 2020-07-31 22:53:27 -0400
committer: June McEnroe <june@causal.agency> 2020-07-31 23:10:51 -0400
commit: a6df11f2bbd2c9cdf4a8f16d93d8a56c8f41c68d
tree: aa5fe01a11fa67f1dea2f3116f41a1684219542d /compat/arc4random_linux.h
parent: tls_config: Replace constant with X509_get_default_cert_file()

tls: Call SSL_CTX_set_default_verify_paths by default

This removes the hard dependency on a CA bundle file existing in the
default path (which seems to not be the case on Debian, for example),
but results in a subtle behaviour change: if the CA bundle file does not
exist, the CA directory will be used instead, rather than failing hard.

I believe the only reason libtls insists on loading a CA bundle file
itself is so that it can be sandboxed afterwards, given that a file is
loaded all at once while a directory is only loaded as needed. If the
default CA bundle file exists, SSL_CTX_set_default_verify_paths will
still immediately load it, so sandboxing will still work. If it doesn't
exist, then the CA directory will be used, which will work well for
unsandboxed applications, but will likely fail during verification as it
tries to search the directory. Either way, if the CA bundle file does
not exist, a sandboxed application will not work. Enabling the use of
the CA directory, however, will allow more unsandboxed applications to
work.

Finally, to restore the original behaviour, an application can call
tls_config_set_ca_file(3) with the path returned by
tls_default_ca_cert_file(3).
Diffstat (limited to 'compat/arc4random_linux.h')
0 files changed, 0 insertions, 0 deletions
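
The commit message's reasoning about bundle file versus CA directory can be turned into a preflight check that an application runs before it enters a sandbox. This is an added example, not code from libretls or from the commit; the enum, the function names and the caller-supplied paths are hypothetical, and the "expected to work" result encodes the commit message's reasoning rather than any libtls return value.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical names for this example; none of them are libtls API. */
enum trust_source {
	TRUST_BUNDLE_FILE,	/* bundle file: loaded all at once, up front */
	TRUST_DIRECTORY,	/* CA directory: searched as needed during verification */
	TRUST_NONE		/* neither path is usable */
};

/* Which source the default verify paths would rely on for these two paths. */
enum trust_source
trust_source_for(const char *ca_file, const char *ca_dir)
{
	struct stat st;

	if (ca_file && stat(ca_file, &st) == 0 && S_ISREG(st.st_mode) &&
	    access(ca_file, R_OK) == 0)
		return TRUST_BUNDLE_FILE;
	if (ca_dir && stat(ca_dir, &st) == 0 && S_ISDIR(st.st_mode) &&
	    access(ca_dir, R_OK | X_OK) == 0)
		return TRUST_DIRECTORY;
	return TRUST_NONE;
}

/* 1 if verification can be expected to work, 0 if not (commit message's reasoning). */
int
verification_expected_to_work(enum trust_source src, int will_sandbox)
{
	if (src == TRUST_BUNDLE_FILE)
		return 1;		/* already in memory before the sandbox starts */
	if (src == TRUST_DIRECTORY)
		return !will_sandbox;	/* directory search needs filesystem access */
	return 0;
}

/* usage: prog CA_FILE CA_DIR [sandbox]  (paths are supplied by the caller) */
int
main(int argc, char **argv)
{
	if (argc < 3) {
		fprintf(stderr, "usage: %s ca_file ca_dir [sandbox]\n", argv[0]);
		return EXIT_FAILURE;
	}
	enum trust_source src = trust_source_for(argv[1], argv[2]);
	int ok = verification_expected_to_work(src, argc > 3);
	printf("source=%d verification_expected=%d\n", (int)src, ok);
	return ok ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

A sandboxing application that gets `TRUST_DIRECTORY` here is in the case the commit message describes as not working, and should fail at startup rather than at the first handshake.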