mail/opensmtpd: Use the correct OpenSSL idiom to load the trust store.

Fixes: bde578cbfcf9 PR: 274322 MFH: 2023Q4 Approved by: fluffy Differential Revision: https://reviews.freebsd.org/D42123
author: Dag-Erling Smørgrav <des@FreeBSD.org> 2023-10-27 11:16:29 +0200
committer: Dag-Erling Smørgrav <des@FreeBSD.org> 2023-10-27 11:16:43 +0200
commit: e11bc472633868a658ecbb8176b2b3ede4ae6e0d (patch)
tree: 6d83d52e27e8a8d986aabd3003f9d121eaef2e6b /mail/opensmtpd/files/patch-openbsd-compat_libtls_tls.c
parent: x11-servers/xwayland: Update to 23.2.2 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/mail/opensmtpd/files/patch-openbsd-compat_libtls_tls.c b/mail/opensmtpd/files/patch-openbsd-compat_libtls_tls.c
new file mode 100644
index 000000000000..cd033b41dace
--- /dev/null
+++ b/mail/opensmtpd/files/patch-openbsd-compat_libtls_tls.c
@@ -0,0 +1,16 @@
+--- openbsd-compat/libtls/tls.c.orig	2023-09-16 18:11:28 UTC
++++ openbsd-compat/libtls/tls.c
+@@ -584,10 +584,10 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl
+ 
+ 	/* If no CA has been specified, attempt to load the default. */
+ 	if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) {
+-		if (tls_config_load_file(&ctx->error, "CA", tls_default_ca_cert_file(),
+-		    &ca_mem, &ca_len) != 0)
++		if (!SSL_CTX_set_default_verify_paths(ssl_ctx)) {
++			tls_set_error(ctx, "failed to load default trust store");
+ 			goto err;
+-		ca_free = ca_mem;
++		}
+ 	}
+ 
+ 	if (ca_mem != NULL) {
author	Dag-Erling Smørgrav <des@FreeBSD.org>	2023-10-27 11:16:29 +0200
committer	Dag-Erling Smørgrav <des@FreeBSD.org>	2023-10-27 11:16:43 +0200
commit	e11bc472633868a658ecbb8176b2b3ede4ae6e0d (patch)
tree	6d83d52e27e8a8d986aabd3003f9d121eaef2e6b /mail/opensmtpd/files/patch-openbsd-compat_libtls_tls.c
parent	x11-servers/xwayland: Update to 23.2.2 (diff)