update for libtls default cert changes.

bonus: this exposed a few missing const qualifiers.

2 files changed, 4 insertions, 4 deletions

diff --git a/usr.sbin/ntpd/constraint.c b/usr.sbin/ntpd/constraint.c
index 68db1f7cf45..76dc4f7bdf5 100644
--- a/usr.sbin/ntpd/constraint.c
+++ b/usr.sbin/ntpd/constraint.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: constraint.c,v 1.37 2018/11/06 20:41:36 jsing Exp $	*/
+/*	$OpenBSD: constraint.c,v 1.38 2018/11/29 14:25:07 tedu Exp $	*/
 
 /*
  * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -339,7 +339,7 @@ priv_constraint_child(const char *pw_dir, uid_t pw_uid, gid_t pw_gid)
 	/* Init TLS and load CA certs before chroot() */
 	if (tls_init() == -1)
 		fatalx("tls_init");
-	if ((conf->ca = tls_load_file(TLS_CA_CERT_FILE,
+	if ((conf->ca = tls_load_file(tls_default_ca_cert_file(),
 	    &conf->ca_len, NULL)) == NULL)
 		fatalx("failed to load constraint ca");
 
diff --git a/usr.sbin/ntpd/ntpd.c b/usr.sbin/ntpd/ntpd.c
index a3847c4f4cf..a927be1a749 100644
--- a/usr.sbin/ntpd/ntpd.c
+++ b/usr.sbin/ntpd/ntpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ntpd.c,v 1.118 2018/11/06 20:41:36 jsing Exp $ */
+/*	$OpenBSD: ntpd.c,v 1.119 2018/11/29 14:25:07 tedu Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -248,7 +248,7 @@ main(int argc, char *argv[])
 	 * Constraint processes are forked with certificates in memory,
 	 * then privdrop into chroot before speaking to the outside world.
 	 */
-	if (unveil(TLS_CA_CERT_FILE, "r") == -1)
+	if (unveil(tls_default_ca_cert_file(), "r") == -1)
 		err(1, "unveil");
 	if (unveil("/usr/sbin/ntpd", "x") == -1)
 		err(1, "unveil");