From cac5ef8d0ea705acc17c8d305e3c74bab14196d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maxime=20=E2=80=9Cpep=E2=80=9D=20Buquet?= Date: Mon, 11 Jul 2022 14:56:15 +0200 Subject: [PATCH] Default to using the CA store MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Depends on slixmpp!209. This prevents us from having to manually add every single ca-certificates paths out there. It does allow users still to use their custom CA. Signed-off-by: Maxime “pep” Buquet --- data/default_config.cfg | 4 ++-- poezio/config.py | 12 +----------- 2 files changed, 3 insertions(+), 13 deletions(-) diff --git a/data/default_config.cfg b/data/default_config.cfg index d91ff36a..8e926c0e 100644 --- a/data/default_config.cfg +++ b/data/default_config.cfg @@ -84,8 +84,8 @@ certificate = # keep the same for obvious reasons, so this is a good option if your server # does this, rather than skipping all verifications. # This is not affected by ignore_certificate -# Poezio attempts to guess this value automatically. Set to override this -# behaviour, to the empty string for example, or to another path. +# Poezio attempts to guess this value automatically if empty. To override this +# behaviour, set the value to another path. #ca_cert_path = # Auto-reconnects you when you get disconnected from the server diff --git a/poezio/config.py b/poezio/config.py index dbbed5ba..4eb43cad 100644 --- a/poezio/config.py +++ b/poezio/config.py @@ -30,16 +30,6 @@ ConfigDict = Dict[str, Dict[str, ConfigValue]] USE_DEFAULT_SECTION = '__DEFAULT SECTION PLACEHOLDER__' -CA_CERT_DEFAULT_PATHS = { - '/etc/ssl/cert.pem', - '/etc/ssl/certs/ca-certificates.crt', - '/etc/ssl/certs/ca-bundle.crt', - '/etc/pki/tls/certs/ca-bundle.crt', - '/etc/ssl/certs/ca-certificates.crt', - '/etc/ca-certificates/extracted/tls-ca-bundle.pem', - '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt', -} - DEFAULT_CONFIG: ConfigDict = { 'Poezio': { 'ack_message_receipts': True, @@ -51,7 +41,7 @@ DEFAULT_CONFIG: ConfigDict = { 'autorejoin_delay': '5', 'autorejoin': False, 'beep_on': 'highlight private invite disconnect', - 'ca_cert_path': ':'.join(CA_CERT_DEFAULT_PATHS), + 'ca_cert_path': '', 'certificate': '', 'certfile': '', 'ciphers': 'HIGH+kEDH:HIGH+kEECDH:HIGH:!PSK:!SRP:!3DES:!aNULL',