diff options
Diffstat (limited to 'tls_config.c')
-rw-r--r-- | tls_config.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/tls_config.c b/tls_config.c index 15e218b..59c69f0 100644 --- a/tls_config.c +++ b/tls_config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_config.c,v 1.65 2022/01/25 21:51:24 eric Exp $ */ +/* $OpenBSD: tls_config.c,v 1.67 2023/07/02 06:37:27 beck Exp $ */ /* * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> * @@ -22,18 +22,19 @@ #include <fcntl.h> #include <pthread.h> #include <stdlib.h> +#include <string.h> #include <unistd.h> +#include <openssl/x509.h> + #include <tls.h> #include "tls_internal.h" -static const char default_ca_file[] = TLS_DEFAULT_CA_FILE; - const char * tls_default_ca_cert_file(void) { - return default_ca_file; + return X509_get_default_cert_file(); } int @@ -250,9 +251,9 @@ tls_config_parse_protocols(uint32_t *protocols, const char *protostr) if (strcasecmp(p, "tlsv1") == 0) proto = TLS_PROTOCOL_TLSv1; else if (strcasecmp(p, "tlsv1.0") == 0) - proto = TLS_PROTOCOL_TLSv1_0; + proto = TLS_PROTOCOL_TLSv1_2; else if (strcasecmp(p, "tlsv1.1") == 0) - proto = TLS_PROTOCOL_TLSv1_1; + proto = TLS_PROTOCOL_TLSv1_2; else if (strcasecmp(p, "tlsv1.2") == 0) proto = TLS_PROTOCOL_TLSv1_2; else if (strcasecmp(p, "tlsv1.3") == 0) |