CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2016/10/04 09:49:42
Modified files:
usr.sbin/acme-client: http.c http.h netproc.c
Log message:
Avoid a potential MITM - calling tls_config_insecure_noverify() is a bad
idea, so stop doing that. Instead, use a single tls_config, set it up and
configure the CA file to use while we still have rpath, then drop rpath.
This also avoids creating a new tls_config for each and every HTTPS
connection, which is unnecessary.
ok benno@ florian@
