From 56f5702a7abc8aba9804a1d45f3a5662a2121a19 Mon Sep 17 00:00:00 2001
From: Patrick McDermott <patrick.mcdermott@libiquity.com>
Date: Wed, 31 Jul 2019 01:52:42 -0400
Subject: build: Make CA root certificates path configurable

Use of installed CA root certificates can also be disabled entirely, but
that just breaks everything.
---
(limited to 'src')

diff --git a/src/s_client.c b/src/s_client.c
index 37d59fb..0cd77ca 100644
--- a/src/s_client.c
+++ b/src/s_client.c
@@ -19,6 +19,10 @@
  * along with wolfssl-util.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
 #include <errno.h>
 #include <netdb.h>
 #include <poll.h>
@@ -35,8 +39,6 @@
 
 #include "commands.h"
 
-#define CA_CERTS "/etc/ssl/certs"
-
 #define ARRAY_SIZE(a)  (sizeof(a) / sizeof((a)[0]))
 #undef MAX
 #define MAX(a, b)      (((a) > (b)) ? (a) : (b))
@@ -313,12 +315,14 @@ s_client(int argc, char **argv)
 		goto error;
 	}
 
+#if defined(HAVE_CA_CERTS) && HAVE_CA_CERTS
 	if (wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, CA_CERTS,
 				WOLFSSL_LOAD_FLAG_IGNORE_ERR) !=
 			WOLFSSL_SUCCESS) {
 		fputs("Failed to load CA certificates\n", stderr);
 		goto error;
 	}
+#endif
 
 	(void) servername;
 	if (
--
cgit v0.9.1