git: 8932f7ce1783 - main - local-unbound-setup: Use default root certificates
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 07 Feb 2023 10:22:14 UTC
The branch main has been updated by tijl:
URL: https://cgit.FreeBSD.org/src/commit/?id=8932f7ce1783a10e9ba79c61d54077aa7693552e
commit 8932f7ce1783a10e9ba79c61d54077aa7693552e
Author: Tijl Coosemans <tijl@FreeBSD.org>
AuthorDate: 2023-01-19 17:13:35 +0000
Commit: Tijl Coosemans <tijl@FreeBSD.org>
CommitDate: 2023-02-07 10:13:33 +0000
local-unbound-setup: Use default root certificates
Don't force /etc/ssl/cert.pem. It does not exist by default, only if
security/ca_root_nss is installed. Just use the default OpenSSL search
locations which are /etc/ssl/cert.pem and /etc/ssl/certs/.
The tls-system-cert option was added in Unbound 1.16.0.
Reviewed by: zlei
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38243
---
usr.sbin/unbound/setup/local-unbound-setup.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr.sbin/unbound/setup/local-unbound-setup.sh b/usr.sbin/unbound/setup/local-unbound-setup.sh
index 3be78339b0ba..dc0768a672a6 100755
--- a/usr.sbin/unbound/setup/local-unbound-setup.sh
+++ b/usr.sbin/unbound/setup/local-unbound-setup.sh
@@ -260,7 +260,7 @@ gen_unbound_conf() {
echo " pidfile: ${pidfile}"
echo " auto-trust-anchor-file: ${anchor}"
if [ "${use_tls}" = "yes" ] ; then
- echo " tls-cert-bundle: /etc/ssl/cert.pem"
+ echo " tls-system-cert: yes"
fi
echo ""
if [ -f "${forward_conf}" ] ; then