From d1794e488e75570be7400e9d48a76abc62afa84e Mon Sep 17 00:00:00 2001 From: tedu <> Date: Thu, 29 Nov 2018 14:25:07 +0000 Subject: [PATCH] update for libtls default cert changes. bonus: this exposed a few missing const qualifiers. --- src/usr.sbin/ntpd/constraint.c | 4 ++-- src/usr.sbin/ntpd/ntpd.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/usr.sbin/ntpd/constraint.c b/src/usr.sbin/ntpd/constraint.c index 68db1f7c..76dc4f7b 100644 --- a/src/usr.sbin/ntpd/constraint.c +++ b/src/usr.sbin/ntpd/constraint.c @@ -1,4 +1,4 @@ -/* $OpenBSD: constraint.c,v 1.37 2018/11/06 20:41:36 jsing Exp $ */ +/* $OpenBSD: constraint.c,v 1.38 2018/11/29 14:25:07 tedu Exp $ */ /* * Copyright (c) 2015 Reyk Floeter @@ -339,7 +339,7 @@ priv_constraint_child(const char *pw_dir, uid_t pw_uid, gid_t pw_gid) /* Init TLS and load CA certs before chroot() */ if (tls_init() == -1) fatalx("tls_init"); - if ((conf->ca = tls_load_file(TLS_CA_CERT_FILE, + if ((conf->ca = tls_load_file(tls_default_ca_cert_file(), &conf->ca_len, NULL)) == NULL) fatalx("failed to load constraint ca"); diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c index a3847c4f..a927be1a 100644 --- a/src/usr.sbin/ntpd/ntpd.c +++ b/src/usr.sbin/ntpd/ntpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ntpd.c,v 1.118 2018/11/06 20:41:36 jsing Exp $ */ +/* $OpenBSD: ntpd.c,v 1.119 2018/11/29 14:25:07 tedu Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer @@ -248,7 +248,7 @@ main(int argc, char *argv[]) * Constraint processes are forked with certificates in memory, * then privdrop into chroot before speaking to the outside world. */ - if (unveil(TLS_CA_CERT_FILE, "r") == -1) + if (unveil(tls_default_ca_cert_file(), "r") == -1) err(1, "unveil"); if (unveil("/usr/sbin/ntpd", "x") == -1) err(1, "unveil");