libfetch: use default CA path rather than default CA file.

The default CA file set by FreeBSD is only available when using the
LibreSSL-provided CA file, and we've decided to use the CA path
by default.

Discussed with @dominikh.
Juan RP 2015-10-28 07:31:26 +01:00
parent 4fbfe6e823
commit f4cb178f6c


@ -831,9 +831,9 @@ fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose)
const char *ca_cert_file, *ca_cert_path, *crl_file; const char *ca_cert_file, *ca_cert_path, *crl_file;
if (getenv("SSL_NO_VERIFY_PEER") == NULL) { if (getenv("SSL_NO_VERIFY_PEER") == NULL) {
ca_cert_file = getenv("SSL_CA_CERT_FILE") != NULL ? ca_cert_file = getenv("SSL_CA_CERT_FILE");
getenv("SSL_CA_CERT_FILE") : "/etc/ssl/cert.pem"; ca_cert_path = getenv("SSL_CA_CERT_PATH") != NULL ?
ca_cert_path = getenv("SSL_CA_CERT_PATH"); getenv("SSL_CA_CERT_PATH") : X509_get_default_cert_dir();
if (verbose) { if (verbose) {
fetch_info("Peer verification enabled"); fetch_info("Peer verification enabled");
if (ca_cert_file != NULL) if (ca_cert_file != NULL)