base.m4, config.m4: Make the certificate list tweakable in config.
authorMark Wooding <mdw@distorted.org.uk>
Tue, 26 Jun 2018 15:26:45 +0000 (16:26 +0100)
committerMark Wooding <mdw@distorted.org.uk>
Tue, 26 Jun 2018 15:26:45 +0000 (16:26 +0100)
base.m4
config.m4

diff --git a/base.m4 b/base.m4
index 4961012..c0dd892 100644 (file)
--- a/base.m4
+++ b/base.m4
@@ -105,7 +105,7 @@ SECTION(global, bounce)m4_dnl
 delay_warning = 1h : 24h : 2d
 
 SECTION(global, tls)m4_dnl
-tls_certificate = CONF_sysconf_dir/server.certlist
+tls_certificate = CONF_certlist
 tls_privatekey = CONF_sysconf_dir/server.key
 tls_advertise_hosts = ${if exists {CONF_sysconf_dir/server.key} {*}{}}
 tls_dhparam = CONF_ca_dir/dh-param-2048.pem
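Review bot: `tls_advertise_hosts`, two lines below the changed line, still gates STARTTLS only on `CONF_sysconf_dir/server.key` existing. Once `certlist` is overridden, the server can therefore advertise TLS while the certificate file is missing or does not match that key. Handshakes would then presumably fail at STARTTLS time instead of TLS simply not being offered, which is harder to notice than a configuration error. Consider testing both files, e.g. `tls_advertise_hosts = ${if and {{exists {CONF_certlist}} {exists {CONF_sysconf_dir/server.key}}} {*}{}}`, and check whether the key path should become tweakable alongside the certificate list. The `tls` section continues outside the hunk.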
index 5cabfeb..db6b966 100644 (file)
--- a/config.m4
+++ b/config.m4
@@ -79,6 +79,9 @@ DEFCONF(relay_clients, <m4_dnl
 ; 172.29.198.161 ; 2001:ba8:1d9:a000::1:1 m4_dnl national
 )
 
+## TLS certificate list.
+DEFCONF(certlist, CONF_sysconf_dir/server.certlist)
+
 ## TLS-related settings.  We're assuming GNUTLS here, rather than OpenSSL.
 ## For local connections we are very strict.  For random clients, we try
 ## fairly hard to encourage any kind of crypto on the grounds that probably
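Review bot: The comment above the new `DEFCONF(certlist, ...)` does not say what an override has to satisfy. The private key path stays fixed in base.m4, so a site that redefines `certlist` must point it at a certificate chain for that same key, in a file the mail daemon can read. I would expand the comment to something like `## TLS certificate list (server certificate first, then its chain).  The key` / `## stays at CONF_sysconf_dir/server.key, so an override must match that key.` The ordering inside the file is my assumption from the name and should be confirmed before it goes into the comment.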