diff options
| author |   jsing <jsing@openbsd.org> | 2018-11-06 20:41:36 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2018-11-06 20:41:36 +0000 |
| commit | 84c1bf9898eabef38ab492224452286579279380 (patch) | |
| tree | 42c76a572dc3c466a2ace7122e218e1531c2c634 /usr.sbin/ntpd | |
| parent | Use TLS_CA_CERT_FILE instead of a separate define. (diff) | |
| download | wireguard-openbsd-84c1bf9898eabef38ab492224452286579279380.tar.xz wireguard-openbsd-84c1bf9898eabef38ab492224452286579279380.zip | |
Use TLS_CA_CERT_FILE instead of a separate define.
ok beck@ bluhm@ tb@
Diffstat (limited to 'usr.sbin/ntpd')
| -rw-r--r-- | usr.sbin/ntpd/constraint.c | 4 | ||||
| -rw-r--r-- | usr.sbin/ntpd/ntpd.c | 5 | ||||
| -rw-r--r-- | usr.sbin/ntpd/ntpd.h | 3 |
3 files changed, 6 insertions, 6 deletions
diff --git a/usr.sbin/ntpd/constraint.c b/usr.sbin/ntpd/constraint.c index b65ee446822..68db1f7cf45 100644 --- a/usr.sbin/ntpd/constraint.c +++ b/usr.sbin/ntpd/constraint.c @@ -1,4 +1,4 @@ -/* $OpenBSD: constraint.c,v 1.36 2018/11/05 00:13:36 jsing Exp $ */ +/* $OpenBSD: constraint.c,v 1.37 2018/11/06 20:41:36 jsing Exp $ */ /* * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> @@ -339,7 +339,7 @@ priv_constraint_child(const char *pw_dir, uid_t pw_uid, gid_t pw_gid) /* Init TLS and load CA certs before chroot() */ if (tls_init() == -1) fatalx("tls_init"); - if ((conf->ca = tls_load_file(CONSTRAINT_CA, + if ((conf->ca = tls_load_file(TLS_CA_CERT_FILE, &conf->ca_len, NULL)) == NULL) fatalx("failed to load constraint ca"); diff --git a/usr.sbin/ntpd/ntpd.c b/usr.sbin/ntpd/ntpd.c index c646ec37eb1..a3847c4f4cf 100644 --- a/usr.sbin/ntpd/ntpd.c +++ b/usr.sbin/ntpd/ntpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ntpd.c,v 1.117 2018/08/31 18:45:02 deraadt Exp $ */ +/* $OpenBSD: ntpd.c,v 1.118 2018/11/06 20:41:36 jsing Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -31,6 +31,7 @@ #include <stdlib.h> #include <string.h> #include <syslog.h> +#include <tls.h> #include <time.h> #include <unistd.h> #include <fcntl.h> @@ -247,7 +248,7 @@ main(int argc, char *argv[]) * Constraint processes are forked with certificates in memory, * then privdrop into chroot before speaking to the outside world. */ - if (unveil("/etc/ssl/cert.pem", "r") == -1) + if (unveil(TLS_CA_CERT_FILE, "r") == -1) err(1, "unveil"); if (unveil("/usr/sbin/ntpd", "x") == -1) err(1, "unveil"); diff --git a/usr.sbin/ntpd/ntpd.h b/usr.sbin/ntpd/ntpd.h index deaf2a9afa5..0bb7f1bc573 100644 --- a/usr.sbin/ntpd/ntpd.h +++ b/usr.sbin/ntpd/ntpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ntpd.h,v 1.136 2018/08/04 11:07:14 mestre Exp $ */ +/* $OpenBSD: ntpd.h,v 1.137 2018/11/06 20:41:36 jsing Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -80,7 +80,6 @@ #define CONSTRAINT_PORT "443" /* HTTPS port */ #define CONSTRAINT_MAXHEADERLENGTH 8192 #define CONSTRAINT_PASSFD (STDERR_FILENO + 1) -#define CONSTRAINT_CA "/etc/ssl/cert.pem" #define PARENT_SOCK_FILENO CONSTRAINT_PASSFD |