emo/xbps
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libfetch: use default CA path rather than default CA file.

Browse Source 
The default CA file set by FreeBSD is only available when using the
LibreSSL provided CA file, and we've decided to use the CA path
by default.

Discussed with @dominikh.
This commit is contained in:
Juan RP 2015-10-28 07:31:26 +01:00
parent 4fbfe6e823
commit f4cb178f6c
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/fetch/common.c
View File

@ -831,9 +831,9 @@ fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose)
const char *ca_cert_file, *ca_cert_path, *crl_file;
if (getenv("SSL_NO_VERIFY_PEER") == NULL) {
ca_cert_file = getenv("SSL_CA_CERT_FILE") != NULL ?
getenv("SSL_CA_CERT_FILE") : "/etc/ssl/cert.pem";
ca_cert_path = getenv("SSL_CA_CERT_PATH");
ca_cert_file = getenv("SSL_CA_CERT_FILE");
ca_cert_path = getenv("SSL_CA_CERT_PATH") != NULL ?
getenv("SSL_CA_CERT_PATH") : X509_get_default_cert_dir();
if (verbose) {
fetch_info("Peer verification enabled");
if (ca_cert_file != NULL)