summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--tls.c23
1 files changed, 11 insertions, 12 deletions
diff --git a/tls.c b/tls.c
index 90458c4..26adb2b 100644
--- a/tls.c
+++ b/tls.c
@@ -609,14 +609,6 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
 	if (ctx->config->verify_cert == 0)
 		goto done;
 
-	/* If no CA has been specified, attempt to load the default. */
-	if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) {
-		if (tls_config_load_file(&ctx->error, "CA", tls_default_ca_cert_file(),
-		    &ca_mem, &ca_len) != 0)
-			goto err;
-		ca_free = ca_mem;
-	}
-
 	if (ca_mem != NULL) {
 		if (ca_len > INT_MAX) {
 			tls_set_errorx(ctx, "ca too long");
@@ -626,10 +618,17 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
 			tls_set_errorx(ctx, "ssl verify memory setup failure");
 			goto err;
 		}
-	} else if (SSL_CTX_load_verify_locations(ssl_ctx, NULL,
-	    ctx->config->ca_path) != 1) {
-		tls_set_errorx(ctx, "ssl verify locations failure");
-		goto err;
+	} else if (ctx->config->ca_path != NULL) {
+		if (SSL_CTX_load_verify_locations(ssl_ctx, NULL,
+			ctx->config->ca_path) != 1) {
+			tls_set_errorx(ctx, "ssl verify locations failure");
+			goto err;
+		}
+	} else {
+		if (SSL_CTX_set_default_verify_paths(ssl_ctx) != 1) {
+			tls_set_errorx(ctx, "ssl verify locations failure");
+			goto err;
+		}
 	}
 
 	if (crl_mem != NULL) {
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-21 08:03:21 +0000
b556760be922624584d3774c4952f8cf&follow=1'>Use scrot for up -s if no screencaptureJune McEnroe Still missing putting the URL in an X selection. 2021-02-07Enable mouse acceleration in XJune McEnroe 2021-02-07Set colours for Xt and cwmJune McEnroe And increase XTerm internalBorder. 2021-02-07Set urgency on bell in xtermJune McEnroe 2021-02-07Add bindings for brightness controlJune McEnroe Weirdly the Fn key doesn't change how the F row registers... I wonder if I can do something about that. 2021-02-07Set X key repeat rateJune McEnroe 2021-02-07Bump font size to 12June McEnroe 11 is what I use on macOS, but I feel like my eyes are working harder here. 2021-02-07Fully configure and rebind cwmJune McEnroe This is sort of a mix of trying to emulate macOS somewhat for my muscle memory and just rebinding some of the cwm defaults to use 4- rather than M-. 2021-02-07Add BintiJune McEnroe 2021-02-07Finish configuring xtermJune McEnroe 2021-02-06Enable tapping, reverse scroll, set scaling in wsconsctlJune McEnroe 2021-02-06Set root window to black on purple snowJune McEnroe 2021-02-06Add xmodmap configurationJune McEnroe 2021-02-06Add initial OpenBSD X configurationJune McEnroe cwm still needs a lot more rebinding, and I need to actually look at its other options. xterm definitely still needs some configuration, but I at least managed to get it to use a decent looking font. Very happy that OpenBSD includes Luxi Mono, which is what my usual font, Go Mono, is based on anyway. Still missing is xmodmap and such. 2021-02-06Add xterm output to schemeJune McEnroe