author | tedu <tedu@openbsd.org> | 2018-11-29 14:25:06 +0000 |
---|---|---|
committer | tedu <tedu@openbsd.org> | 2018-11-29 14:25:06 +0000 |
commit | fb0a89ee25104c910ac77f5446c80f80dec185a0 (patch) | |
tree | 03b318236076cb81912bdbee40565f6e2eaac374 /usr.sbin | |
parent | expose the default cert file as a function, not a define. it's really (diff) | |
update for libtls default cert changes.
bonus: this exposed a few missing const qualifiers.
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/acme-client/http.c | 4 | ||||
-rw-r--r-- | usr.sbin/acme-client/netproc.c | 4 | ||||
-rw-r--r-- | usr.sbin/ntpd/constraint.c | 4 | ||||
-rw-r--r-- | usr.sbin/ntpd/ntpd.c | 4 | ||||
-rw-r--r-- | usr.sbin/ocspcheck/http.c | 4 | ||||
-rw-r--r-- | usr.sbin/ypldap/parse.y | 4 |
6 files changed, 12 insertions, 12 deletions
diff --git a/usr.sbin/acme-client/http.c b/usr.sbin/acme-client/http.c
index 13516fced89..79330ae2905 100644
--- a/usr.sbin/acme-client/http.c
+++ b/usr.sbin/acme-client/http.c
@@ -1,4 +1,4 @@
-/* $Id: http.c,v 1.23 2018/11/06 20:40:49 jsing Exp $ */
+/* $Id: http.c,v 1.24 2018/11/29 14:25:07 tedu Exp $ */
 /*
 * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
 *
@@ -135,7 +135,7 @@ http_init()
 goto err;
 }
- if (tls_config_set_ca_file(tlscfg, TLS_CA_CERT_FILE) == -1) {
+ if (tls_config_set_ca_file(tlscfg, tls_default_ca_cert_file()) == -1) {
 warn("tls_config_set_ca_file: %s", tls_config_error(tlscfg));
 goto err;
 }
diff --git a/usr.sbin/acme-client/netproc.c b/usr.sbin/acme-client/netproc.c
index 472c86aface..e5845401862 100644
--- a/usr.sbin/acme-client/netproc.c
+++ b/usr.sbin/acme-client/netproc.c
@@ -1,4 +1,4 @@
-/* $Id: netproc.c,v 1.18 2018/11/06 20:40:49 jsing Exp $ */
+/* $Id: netproc.c,v 1.19 2018/11/29 14:25:07 tedu Exp $ */
 /*
 * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
 *
@@ -613,7 +613,7 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd,
 memset(&paths, 0, sizeof(struct capaths));
 memset(&c, 0, sizeof(struct conn));
- if (unveil(TLS_CA_CERT_FILE, "r") == -1) {
+ if (unveil(tls_default_ca_cert_file(), "r") == -1) {
 warn("unveil");
 goto out;
 }
diff --git a/usr.sbin/ntpd/constraint.c b/usr.sbin/ntpd/constraint.c
index 68db1f7cf45..76dc4f7bdf5 100644
--- a/usr.sbin/ntpd/constraint.c
+++ b/usr.sbin/ntpd/constraint.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: constraint.c,v 1.37 2018/11/06 20:41:36 jsing Exp $ */
+/* $OpenBSD: constraint.c,v 1.38 2018/11/29 14:25:07 tedu Exp $ */
 /*
 * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
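Review bot: The `warn("unveil")` that follows the changed call in the netproc() hunk does not say which path was refused, and that path is no longer a constant visible at the call site. `warn("unveil %s", tls_default_ca_cert_file());` would make a failed filesystem lockdown diagnosable from the log alone. The same applies to the ntpd.c main() hunk, where two different unveil() calls share the single message `err(1, "unveil")`. netproc() starts and ends outside the hunk.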
@@ -339,7 +339,7 @@ priv_constraint_child(const char *pw_dir, uid_t pw_uid, gid_t pw_gid)
 /* Init TLS and load CA certs before chroot() */
 if (tls_init() == -1)
 fatalx("tls_init");
- if ((conf->ca = tls_load_file(TLS_CA_CERT_FILE,
+ if ((conf->ca = tls_load_file(tls_default_ca_cert_file(),
 &conf->ca_len, NULL)) == NULL)
 fatalx("failed to load constraint ca");
diff --git a/usr.sbin/ntpd/ntpd.c b/usr.sbin/ntpd/ntpd.c
index a3847c4f4cf..a927be1a749 100644
--- a/usr.sbin/ntpd/ntpd.c
+++ b/usr.sbin/ntpd/ntpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ntpd.c,v 1.118 2018/11/06 20:41:36 jsing Exp $ */
+/* $OpenBSD: ntpd.c,v 1.119 2018/11/29 14:25:07 tedu Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -248,7 +248,7 @@ main(int argc, char *argv[])
 * Constraint processes are forked with certificates in memory,
 * then privdrop into chroot before speaking to the outside world.
 */
- if (unveil(TLS_CA_CERT_FILE, "r") == -1)
+ if (unveil(tls_default_ca_cert_file(), "r") == -1)
 err(1, "unveil");
 if (unveil("/usr/sbin/ntpd", "x") == -1)
 err(1, "unveil");
diff --git a/usr.sbin/ocspcheck/http.c b/usr.sbin/ocspcheck/http.c
index ce479f27ef7..5c914a48571 100644
--- a/usr.sbin/ocspcheck/http.c
+++ b/usr.sbin/ocspcheck/http.c
@@ -1,4 +1,4 @@
-/* $Id: http.c,v 1.10 2018/11/06 20:41:11 jsing Exp $ */
+/* $Id: http.c,v 1.11 2018/11/29 14:25:07 tedu Exp $ */
 /*
 * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
 *
@@ -135,7 +135,7 @@ http_init()
 goto err;
 }
- if (tls_config_set_ca_file(tlscfg, TLS_CA_CERT_FILE) == -1) {
+ if (tls_config_set_ca_file(tlscfg, tls_default_ca_cert_file()) == -1) {
 warn("tls_config_set_ca_file: %s", tls_config_error(tlscfg));
 goto err;
 }
diff --git a/usr.sbin/ypldap/parse.y b/usr.sbin/ypldap/parse.y
index 3a317db7ca3..47b8381f449 100644
--- a/usr.sbin/ypldap/parse.y
+++ b/usr.sbin/ypldap/parse.y
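Review bot: In the priv_constraint_child() hunk, the `fatalx("failed to load constraint ca")` after the changed `tls_load_file()` call names neither the file nor the reason, and the path is now resolved at run time instead of being a visible constant. Including it, e.g. `fatalx("failed to load constraint ca from %s", tls_default_ca_cert_file());`, would help an operator whose trust store is missing or unreadable. Per the existing comment this load runs before chroot(), so it depends on the same path that main() unveils in ntpd.c. Both sites now call the same function, and a one-line comment at either site could record that pairing. The function body continues outside the hunk.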
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.31 2018/11/06 20:42:03 jsing Exp $ */
+/* $OpenBSD: parse.y,v 1.32 2018/11/29 14:25:07 tedu Exp $ */
 /*
 * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -845,7 +845,7 @@ parse_config(struct env *x_conf, const char *filename, int opts)
 TAILQ_INIT(&conf->sc_idms);
 conf->sc_conf_tv.tv_sec = DEFAULT_INTERVAL;
 conf->sc_conf_tv.tv_usec = 0;
- conf->sc_cafile = strdup(TLS_CA_CERT_FILE);
+ conf->sc_cafile = strdup(tls_default_ca_cert_file());
 if (conf->sc_cafile == NULL) {
 log_warn("%s", __func__);
 return (-1); |
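Review bot: `strdup(tls_default_ca_cert_file())` in parse_config() now copies a function's return value where it used to copy a string literal, and the `conf->sc_cafile == NULL` check that follows only catches a failed allocation. Nothing on this page shows whether the function can return NULL. If libtls guarantees a non-NULL path, a short comment such as `/* libtls default CA path; never NULL */` would record that assumption; otherwise the result should be checked before it reaches `strdup()`. parse_config() starts and ends outside the hunk.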