diff options
| author | Tijl Coosemans <tijl@FreeBSD.org> | 2023-01-19 17:13:35 +0000 |
|---|---|---|
| committer | Tijl Coosemans <tijl@FreeBSD.org> | 2023-02-13 10:52:20 +0000 |
| commit | 412d15f7268e0662909822b1aef71536a2b285e5 (patch) | |
| tree | 81196cc1145cb10e7daa67946d107f4289965b22 | |
| parent | 59ab4b95129dd5d64a52e0822b4fb5621bf65e9c (diff) | |
| download | src-412d15f7268e0662909822b1aef71536a2b285e5.tar.gz src-412d15f7268e0662909822b1aef71536a2b285e5.zip | |
local-unbound-setup: Use default root certificates
Don't force /etc/ssl/cert.pem. It does not exist by default, only if
security/ca_root_nss is installed. Just use the default OpenSSL search
locations which are /etc/ssl/cert.pem and /etc/ssl/certs/.
The tls-system-cert option was added in Unbound 1.16.0.
Reviewed by: zlei
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38243
(cherry picked from commit 8932f7ce1783a10e9ba79c61d54077aa7693552e)
| -rwxr-xr-x | usr.sbin/unbound/setup/local-unbound-setup.sh | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr.sbin/unbound/setup/local-unbound-setup.sh b/usr.sbin/unbound/setup/local-unbound-setup.sh index 3be78339b0ba..dc0768a672a6 100755 --- a/usr.sbin/unbound/setup/local-unbound-setup.sh +++ b/usr.sbin/unbound/setup/local-unbound-setup.sh @@ -260,7 +260,7 @@ gen_unbound_conf() { echo " pidfile: ${pidfile}" echo " auto-trust-anchor-file: ${anchor}" if [ "${use_tls}" = "yes" ] ; then - echo " tls-cert-bundle: /etc/ssl/cert.pem" + echo " tls-system-cert: yes" fi echo "" if [ -f "${forward_conf}" ] ; then |