Allow portable to override the default CA bundle location

ok kinichiro@ jsing@

2 files changed, 7 insertions, 3 deletions

diff --git a/lib/libtls/tls_config.c b/lib/libtls/tls_config.c
index 6a717abd48f..424fd73c93f 100644
--- a/lib/libtls/tls_config.c
+++ b/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.56 2019/04/04 15:09:09 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.57 2019/11/16 06:44:33 beck Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -28,7 +28,7 @@
 
 #include "tls_internal.h"
 
-static const char default_ca_file[] = "/etc/ssl/cert.pem";
+static const char default_ca_file[] = TLS_DEFAULT_CA_FILE;
 
 const char *
 tls_default_ca_cert_file(void)
diff --git a/lib/libtls/tls_internal.h b/lib/libtls/tls_internal.h
index efccc9fdbe4..3d806f8b6e0 100644
--- a/lib/libtls/tls_internal.h
+++ b/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.75 2019/11/02 13:37:59 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.76 2019/11/16 06:44:33 beck Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -28,6 +28,10 @@
 
 __BEGIN_HIDDEN_DECLS
 
+#ifndef TLS_DEFAULT_CA_FILE
+#define TLS_DEFAULT_CA_FILE 	"/etc/ssl/cert.pem"
+#endif
+
 #define TLS_CIPHERS_DEFAULT	"TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
 #define TLS_CIPHERS_COMPAT	"HIGH:!aNULL"
 #define TLS_CIPHERS_LEGACY	"HIGH:MEDIUM:!aNULL"