author | tedu <tedu@openbsd.org> | 2018-11-29 14:25:06 +0000 |
---|---|---|
committer | tedu <tedu@openbsd.org> | 2018-11-29 14:25:06 +0000 |
commit | fb0a89ee25104c910ac77f5446c80f80dec185a0 (patch) | |
tree | 03b318236076cb81912bdbee40565f6e2eaac374 | |
parent | expose the default cert file as a function, not a define. it's really (diff) | |
update for libtls default cert changes.
bonus: this exposed a few missing const qualifiers.
-rw-r--r-- | usr.bin/ldap/ldapclient.c | 6 | ||||
-rw-r--r-- | usr.bin/nc/netcat.c | 11 | ||||
-rw-r--r-- | usr.sbin/acme-client/http.c | 4 | ||||
-rw-r--r-- | usr.sbin/acme-client/netproc.c | 4 | ||||
-rw-r--r-- | usr.sbin/ntpd/constraint.c | 4 | ||||
-rw-r--r-- | usr.sbin/ntpd/ntpd.c | 4 | ||||
-rw-r--r-- | usr.sbin/ocspcheck/http.c | 4 | ||||
-rw-r--r-- | usr.sbin/ypldap/parse.y | 4 |
8 files changed, 21 insertions, 20 deletions
diff --git a/usr.bin/ldap/ldapclient.c b/usr.bin/ldap/ldapclient.c index 6bfd2b01afd..02b15e0669b 100644 --- a/usr.bin/ldap/ldapclient.c +++ b/usr.bin/ldap/ldapclient.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ldapclient.c,v 1.10 2018/11/27 12:04:57 martijn Exp $ */ +/* $OpenBSD: ldapclient.c,v 1.11 2018/11/29 14:25:07 tedu Exp $ */ /* * Copyright (c) 2018 Reyk Floeter <reyk@openbsd.org> @@ -61,7 +61,7 @@ struct ldapc { struct aldap *ldap_al; char *ldap_host; int ldap_port; - char *ldap_capath; + const char *ldap_capath; char *ldap_binddn; char *ldap_secret; unsigned int ldap_flags; @@ -220,7 +220,7 @@ main(int argc, char *argv[]) if (ldap.ldap_protocol == LDAP && (ldap.ldap_flags & F_STARTTLS)) ldap.ldap_protocol = LDAPTLS; if (ldap.ldap_capath == NULL) - ldap.ldap_capath = TLS_CA_CERT_FILE; + ldap.ldap_capath = tls_default_ca_cert_file(); if (ls.ls_basedn == NULL) ls.ls_basedn = ""; if (ls.ls_scope == -1) diff --git a/usr.bin/nc/netcat.c b/usr.bin/nc/netcat.c index f5045013aad..e0966f1952d 100644 --- a/usr.bin/nc/netcat.c +++ b/usr.bin/nc/netcat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: netcat.c,v 1.198 2018/11/09 04:05:14 bluhm Exp $ */ +/* $OpenBSD: netcat.c,v 1.199 2018/11/29 14:25:06 tedu Exp $ */ /* * Copyright (c) 2001 Eric Jackson <ericj@monkey.org> * Copyright (c) 2015 Bob Beck. All rights reserved. @@ -97,10 +97,10 @@ int Tflag = -1; /* IP Type of Service */ int rtableid = -1; int usetls; /* use TLS */ -char *Cflag; /* Public cert file */ -char *Kflag; /* Private key file */ -char *oflag; /* OCSP stapling file */ -char *Rflag = TLS_CA_CERT_FILE; /* Root CA file */ +const char *Cflag; /* Public cert file */ +const char *Kflag; /* Private key file */ +const char *oflag; /* OCSP stapling file */ +const char *Rflag; /* Root CA file */ int tls_cachanged; /* Using non-default CA file */ int TLSopt; /* TLS options */ char *tls_expectname; /* required name in peer cert */ 
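Review bot: In the `struct ldapc` hunk, `ldap_capath` gains `const` but no comment saying who owns the string, and after the `main()` hunk it can point at whatever `tls_default_ca_cert_file()` returns. A short comment on the field would keep a later change from freeing or writing through it, for example `const char *ldap_capath; /* CA file path, borrowed, never freed */`. The other assignments to the field are outside these hunks, so confirm that they are borrowed strings as well.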
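Review bot: In the netcat.c globals hunk, `Rflag` loses its static initializer and stays NULL until the assignment added in the `main()` hunk (`@@ -167,6 +167,7 @@`) runs, but the declaration comment still reads only `/* Root CA file */`. I would record the new default where the variable is declared, `const char *Rflag; /* Root CA file, default set in main() */`, so that code reached before that assignment is not assumed to see a usable path. The assignment sits with the other initialisations at the top of `main()`, which appears to be ahead of option parsing; the rest of `main()` is outside the hunk.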
@@ -167,6 +167,7 @@ main(int argc, char *argv[]) host = NULL; uport = NULL; sv = NULL; + Rflag = tls_default_ca_cert_file(); signal(SIGPIPE, SIG_IGN); diff --git a/usr.sbin/acme-client/http.c b/usr.sbin/acme-client/http.c index 13516fced89..79330ae2905 100644 --- a/usr.sbin/acme-client/http.c +++ b/usr.sbin/acme-client/http.c @@ -1,4 +1,4 @@ -/* $Id: http.c,v 1.23 2018/11/06 20:40:49 jsing Exp $ */ +/* $Id: http.c,v 1.24 2018/11/29 14:25:07 tedu Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -135,7 +135,7 @@ http_init() goto err; } - if (tls_config_set_ca_file(tlscfg, TLS_CA_CERT_FILE) == -1) { + if (tls_config_set_ca_file(tlscfg, tls_default_ca_cert_file()) == -1) { warn("tls_config_set_ca_file: %s", tls_config_error(tlscfg)); goto err; } diff --git a/usr.sbin/acme-client/netproc.c b/usr.sbin/acme-client/netproc.c index 472c86aface..e5845401862 100644 --- a/usr.sbin/acme-client/netproc.c +++ b/usr.sbin/acme-client/netproc.c @@ -1,4 +1,4 @@ -/* $Id: netproc.c,v 1.18 2018/11/06 20:40:49 jsing Exp $ */ +/* $Id: netproc.c,v 1.19 2018/11/29 14:25:07 tedu Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -613,7 +613,7 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd, memset(&paths, 0, sizeof(struct capaths)); memset(&c, 0, sizeof(struct conn)); - if (unveil(TLS_CA_CERT_FILE, "r") == -1) { + if (unveil(tls_default_ca_cert_file(), "r") == -1) { warn("unveil"); goto out; } diff --git a/usr.sbin/ntpd/constraint.c b/usr.sbin/ntpd/constraint.c index 68db1f7cf45..76dc4f7bdf5 100644 --- a/usr.sbin/ntpd/constraint.c +++ b/usr.sbin/ntpd/constraint.c @@ -1,4 +1,4 @@ -/* $OpenBSD: constraint.c,v 1.37 2018/11/06 20:41:36 jsing Exp $ */ +/* $OpenBSD: constraint.c,v 1.38 2018/11/29 14:25:07 tedu Exp $ */ /* * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> 
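Review bot: In the netproc.c hunk the failure path of `unveil(tls_default_ca_cert_file(), "r")` still reports only `warn("unveil")`, which no longer tells the operator which path was refused now that it is obtained at run time instead of from a define. Keeping the path in a local makes the diagnostic useful without a second call between the failure and the errno report: `const char *cafile = tls_default_ca_cert_file();` followed by `warn("unveil %s", cafile);`. The same applies to `err(1, "unveil")` in the ntpd.c hunk and to `fatalx("failed to load constraint ca")` in the constraint.c hunk. The unveiled path also has to remain the one `http_init()` passes to `tls_config_set_ca_file()` in acme-client's http.c, otherwise the CA file is invisible to the process and certificate verification cannot be set up; a one-line comment at the unveil call saying so would help. `netproc()` starts and ends outside the hunk.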
@@ -339,7 +339,7 @@ priv_constraint_child(const char *pw_dir, uid_t pw_uid, gid_t pw_gid) /* Init TLS and load CA certs before chroot() */ if (tls_init() == -1) fatalx("tls_init"); - if ((conf->ca = tls_load_file(TLS_CA_CERT_FILE, + if ((conf->ca = tls_load_file(tls_default_ca_cert_file(), &conf->ca_len, NULL)) == NULL) fatalx("failed to load constraint ca"); diff --git a/usr.sbin/ntpd/ntpd.c b/usr.sbin/ntpd/ntpd.c index a3847c4f4cf..a927be1a749 100644 --- a/usr.sbin/ntpd/ntpd.c +++ b/usr.sbin/ntpd/ntpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ntpd.c,v 1.118 2018/11/06 20:41:36 jsing Exp $ */ +/* $OpenBSD: ntpd.c,v 1.119 2018/11/29 14:25:07 tedu Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -248,7 +248,7 @@ main(int argc, char *argv[]) * Constraint processes are forked with certificates in memory, * then privdrop into chroot before speaking to the outside world. */ - if (unveil(TLS_CA_CERT_FILE, "r") == -1) + if (unveil(tls_default_ca_cert_file(), "r") == -1) err(1, "unveil"); if (unveil("/usr/sbin/ntpd", "x") == -1) err(1, "unveil"); diff --git a/usr.sbin/ocspcheck/http.c b/usr.sbin/ocspcheck/http.c index ce479f27ef7..5c914a48571 100644 --- a/usr.sbin/ocspcheck/http.c +++ b/usr.sbin/ocspcheck/http.c @@ -1,4 +1,4 @@ -/* $Id: http.c,v 1.10 2018/11/06 20:41:11 jsing Exp $ */ +/* $Id: http.c,v 1.11 2018/11/29 14:25:07 tedu Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -135,7 +135,7 @@ http_init() goto err; } - if (tls_config_set_ca_file(tlscfg, TLS_CA_CERT_FILE) == -1) { + if (tls_config_set_ca_file(tlscfg, tls_default_ca_cert_file()) == -1) { warn("tls_config_set_ca_file: %s", tls_config_error(tlscfg)); goto err; } diff --git a/usr.sbin/ypldap/parse.y b/usr.sbin/ypldap/parse.y index 3a317db7ca3..47b8381f449 100644 --- a/usr.sbin/ypldap/parse.y +++ b/usr.sbin/ypldap/parse.y 
@@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.31 2018/11/06 20:42:03 jsing Exp $ */ +/* $OpenBSD: parse.y,v 1.32 2018/11/29 14:25:07 tedu Exp $ */ /* * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -845,7 +845,7 @@ parse_config(struct env *x_conf, const char *filename, int opts) TAILQ_INIT(&conf->sc_idms); conf->sc_conf_tv.tv_sec = DEFAULT_INTERVAL; conf->sc_conf_tv.tv_usec = 0; - conf->sc_cafile = strdup(TLS_CA_CERT_FILE); + conf->sc_cafile = strdup(tls_default_ca_cert_file()); if (conf->sc_cafile == NULL) { log_warn("%s", __func__); return (-1); |