Date: Sat, 24 May 2014 22:50:59 +0000 (UTC) From: Dag-Erling Smørgrav <des@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r266632 - stable/10/lib/libfetch Message-ID: <201405242250.s4OMoxfI056871@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: des Date: Sat May 24 22:50:58 2014 New Revision: 266632 URL: http://svnweb.freebsd.org/changeset/base/266632 Log: MFH (r266291): look for root certs in /usr/local first Modified: stable/10/lib/libfetch/common.c Directory Properties: stable/10/ (props changed) Modified: stable/10/lib/libfetch/common.c ============================================================================== --- stable/10/lib/libfetch/common.c Sat May 24 22:46:00 2014 (r266631) +++ stable/10/lib/libfetch/common.c Sat May 24 22:50:58 2014 (r266632) @@ -688,6 +688,8 @@ fetch_ssl_setup_transport_layer(SSL_CTX /* * Configure peer verification based on environment. */ +#define LOCAL_CERT_FILE "/usr/local/etc/ssl/cert.pem" +#define BASE_CERT_FILE "/etc/ssl/cert.pem" static int fetch_ssl_setup_peer_verification(SSL_CTX *ctx, int verbose) { @@ -696,8 +698,12 @@ fetch_ssl_setup_peer_verification(SSL_CT const char *ca_cert_file, *ca_cert_path, *crl_file; if (getenv("SSL_NO_VERIFY_PEER") == NULL) { - ca_cert_file = getenv("SSL_CA_CERT_FILE") != NULL ? - getenv("SSL_CA_CERT_FILE") : "/etc/ssl/cert.pem"; + ca_cert_file = getenv("SSL_CA_CERT_FILE"); + if (ca_cert_file == NULL && + access(LOCAL_CERT_FILE, R_OK) == 0) + ca_cert_file = LOCAL_CERT_FILE; + if (ca_cert_file == NULL) + ca_cert_file = BASE_CERT_FILE; ca_cert_path = getenv("SSL_CA_CERT_PATH"); if (verbose) { fetch_info("Peer verification enabled");
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201405242250.s4OMoxfI056871>