[PATCH] ocspcheck/http.c: allow DEFAULT_CA_FILE override

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[PATCH] ocspcheck/http.c: allow DEFAULT_CA_FILE override

Kyle J. McKay
The value of DEFAULT_CA_FILE is hard-coded to "/etc/ssl/cert.pem"
in the ocpscheck/http.c file.

This may not always be the desired default location.  Allow the
default to be changed with a command-line define via CPPFLAGS the
same way the same-named value can be changed for nc/netcat.c.

Instead of always defining DEFAULT_CA_FILE, only define it if
it's not already defined.

Signed-off-by: Kyle J. McKay <[hidden email]>
---

For those using the libressl-2.5.4.tar.gz distribution, an equivalent
patch that updates the tarball files instead can be found here:

  https://gist.github.com/15f9aa33a299491e7bb9318b650f08b2

 src/usr.sbin/ocspcheck/http.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/usr.sbin/ocspcheck/http.c b/src/usr.sbin/ocspcheck/http.c
index 6830baca..4683f5ab 100644
--- a/src/usr.sbin/ocspcheck/http.c
+++ b/src/usr.sbin/ocspcheck/http.c
@@ -35,7 +35,9 @@
 #include "http.h"
 #include <tls.h>
 
+#ifndef DEFAULT_CA_FILE
 #define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
+#endif
 
 /*
  * A buffer for transferring HTTP/S data.
---