diff options
| author | Maxime “pep” Buquet <pep@bouah.net> | 2022-07-11 14:56:15 +0200 |
|---|---|---|
| committer | Maxime “pep” Buquet <pep@bouah.net> | 2022-07-11 14:56:15 +0200 |
| commit | cac5ef8d0ea705acc17c8d305e3c74bab14196d2 (patch) | |
| tree | 07f9f7e5ef147b1cdae8759251a468cc30e30a1f | |
| parent | 237fd74f7611aa8bc77fa546611f3fc1d8f29a13 (diff) | |
| download | poezio-cac5ef8d0ea705acc17c8d305e3c74bab14196d2.tar.gz poezio-cac5ef8d0ea705acc17c8d305e3c74bab14196d2.tar.bz2 poezio-cac5ef8d0ea705acc17c8d305e3c74bab14196d2.tar.xz poezio-cac5ef8d0ea705acc17c8d305e3c74bab14196d2.zip | |
Default to using the CA store
Depends on slixmpp!209.
This prevents us from having to manually add every single
ca-certificates paths out there. It does allow users still to use their
custom CA.
Signed-off-by: Maxime “pep” Buquet <pep@bouah.net>
| -rw-r--r-- | data/default_config.cfg | 4 | ||||
| -rw-r--r-- | poezio/config.py | 12 |
2 files changed, 3 insertions, 13 deletions
diff --git a/data/default_config.cfg b/data/default_config.cfg index d91ff36a..8e926c0e 100644 --- a/data/default_config.cfg +++ b/data/default_config.cfg @@ -84,8 +84,8 @@ certificate = # keep the same for obvious reasons, so this is a good option if your server # does this, rather than skipping all verifications. # This is not affected by ignore_certificate -# Poezio attempts to guess this value automatically. Set to override this -# behaviour, to the empty string for example, or to another path. +# Poezio attempts to guess this value automatically if empty. To override this +# behaviour, set the value to another path. #ca_cert_path = # Auto-reconnects you when you get disconnected from the server diff --git a/poezio/config.py b/poezio/config.py index dbbed5ba..4eb43cad 100644 --- a/poezio/config.py +++ b/poezio/config.py @@ -30,16 +30,6 @@ ConfigDict = Dict[str, Dict[str, ConfigValue]] USE_DEFAULT_SECTION = '__DEFAULT SECTION PLACEHOLDER__' -CA_CERT_DEFAULT_PATHS = { - '/etc/ssl/cert.pem', - '/etc/ssl/certs/ca-certificates.crt', - '/etc/ssl/certs/ca-bundle.crt', - '/etc/pki/tls/certs/ca-bundle.crt', - '/etc/ssl/certs/ca-certificates.crt', - '/etc/ca-certificates/extracted/tls-ca-bundle.pem', - '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt', -} - DEFAULT_CONFIG: ConfigDict = { 'Poezio': { 'ack_message_receipts': True, @@ -51,7 +41,7 @@ DEFAULT_CONFIG: ConfigDict = { 'autorejoin_delay': '5', 'autorejoin': False, 'beep_on': 'highlight private invite disconnect', - 'ca_cert_path': ':'.join(CA_CERT_DEFAULT_PATHS), + 'ca_cert_path': '', 'certificate': '', 'certfile': '', 'ciphers': 'HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL', |