The value of DEFAULT_CA_FILE is hard-coded to "/etc/ssl/cert.pem" in the ocpscheck/http.c file.
This may not always be the desired default location. Allow the default to be changed with a command-line define via CPPFLAGS the same way the same-named value can be changed for nc/netcat.c. Instead of always defining DEFAULT_CA_FILE, only define it if it's not already defined. Signed-off-by: Kyle J. McKay <mack...@gmail.com> --- For those using the libressl-2.5.4.tar.gz distribution, an equivalent patch that updates the tarball files instead can be found here: https://gist.github.com/15f9aa33a299491e7bb9318b650f08b2 src/usr.sbin/ocspcheck/http.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/usr.sbin/ocspcheck/http.c b/src/usr.sbin/ocspcheck/http.c index 6830baca..4683f5ab 100644 --- a/src/usr.sbin/ocspcheck/http.c +++ b/src/usr.sbin/ocspcheck/http.c @@ -35,7 +35,9 @@ #include "http.h" #include <tls.h> +#ifndef DEFAULT_CA_FILE #define DEFAULT_CA_FILE "/etc/ssl/cert.pem" +#endif /* * A buffer for transferring HTTP/S data. ---