libfetch: use default CA path rather than default CA file.
The default CA file set by FreeBSD is only available when using the LibreSSL provided CA file, and we've decided to use the CA path by default. Discussed with @dominikh.
parent
4fbfe6e823
commit
f4cb178f6c
@ -831,9 +831,9 @@ fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose)
|
|||||||
const char *ca_cert_file, *ca_cert_path, *crl_file;
|
const char *ca_cert_file, *ca_cert_path, *crl_file;
|
||||||
|
|
||||||
if (getenv("SSL_NO_VERIFY_PEER") == NULL) {
|
if (getenv("SSL_NO_VERIFY_PEER") == NULL) {
|
||||||
ca_cert_file = getenv("SSL_CA_CERT_FILE") != NULL ?
|
ca_cert_file = getenv("SSL_CA_CERT_FILE");
|
||||||
getenv("SSL_CA_CERT_FILE") : "/etc/ssl/cert.pem";
|
ca_cert_path = getenv("SSL_CA_CERT_PATH") != NULL ?
|
||||||
ca_cert_path = getenv("SSL_CA_CERT_PATH");
|
getenv("SSL_CA_CERT_PATH") : X509_get_default_cert_dir();
|
||||||
if (verbose) {
|
if (verbose) {
|
||||||
fetch_info("Peer verification enabled");
|
fetch_info("Peer verification enabled");
|
||||||
if (ca_cert_file != NULL)
|
if (ca_cert_file != NULL)
|
||||||
|
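Review bot: With `SSL_CA_CERT_FILE` unset, `ca_cert_file` is now NULL, so the only trust source is the directory returned by `X509_get_default_cert_dir()`, and peer verification then depends on that directory existing and holding hash-named certificate entries. The ternary on `SSL_CA_CERT_PATH` tests only for NULL, so an empty `SSL_CA_CERT_PATH=` is used as-is instead of falling back to the default; testing the fetched value with `p != NULL && *p != '\0'` after a single `getenv` call would cover that and avoid the second lookup. The body of fetch_ssl_setup_peer_verification continues outside the hunk, so it is not visible whether the call that loads these locations has its return value checked; if it does not, checking it and reporting the failure would make a missing or unhashed store show up as a configuration error rather than as a generic certificate failure. A comment above the assignments would help the next reader, for example `/* No default CA file: trust anchors come from the OpenSSL default cert dir unless SSL_CA_CERT_FILE or SSL_CA_CERT_PATH is set. */`.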