Browse Source

update for libtls default cert changes.

bonus: this exposed a few missing const qualifiers.
OPENBSD_6_5
tedu 6 years ago
parent
commit
d1794e488e
2 changed files with 4 additions and 4 deletions
  1. +2
    -2
      src/usr.sbin/ntpd/constraint.c
  2. +2
    -2
      src/usr.sbin/ntpd/ntpd.c

+ 2
- 2
src/usr.sbin/ntpd/constraint.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: constraint.c,v 1.37 2018/11/06 20:41:36 jsing Exp $ */
/* $OpenBSD: constraint.c,v 1.38 2018/11/29 14:25:07 tedu Exp $ */
/*
* Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@ -339,7 +339,7 @@ priv_constraint_child(const char *pw_dir, uid_t pw_uid, gid_t pw_gid)
/* Init TLS and load CA certs before chroot() */
if (tls_init() == -1)
fatalx("tls_init");
if ((conf->ca = tls_load_file(TLS_CA_CERT_FILE,
if ((conf->ca = tls_load_file(tls_default_ca_cert_file(),
&conf->ca_len, NULL)) == NULL)
fatalx("failed to load constraint ca");


+ 2
- 2
src/usr.sbin/ntpd/ntpd.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: ntpd.c,v 1.118 2018/11/06 20:41:36 jsing Exp $ */
/* $OpenBSD: ntpd.c,v 1.119 2018/11/29 14:25:07 tedu Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -248,7 +248,7 @@ main(int argc, char *argv[])
* Constraint processes are forked with certificates in memory,
* then privdrop into chroot before speaking to the outside world.
*/
if (unveil(TLS_CA_CERT_FILE, "r") == -1)
if (unveil(tls_default_ca_cert_file(), "r") == -1)
err(1, "unveil");
if (unveil("/usr/sbin/ntpd", "x") == -1)
err(1, "unveil");


Loading…
Cancel
Save