From 8932f7ce1783a10e9ba79c61d54077aa7693552e Mon Sep 17 00:00:00 2001
From: Tijl Coosemans <tijl@FreeBSD.org>
Date: Thu, 19 Jan 2023 18:13:35 +0100
Subject: [PATCH] local-unbound-setup: Use default root certificates

Don't force /etc/ssl/cert.pem.  It does not exist by default, only if
security/ca_root_nss is installed.  Just use the default OpenSSL search
locations which are /etc/ssl/cert.pem and /etc/ssl/certs/.

The tls-system-cert option was added in Unbound 1.16.0.

Reviewed by:	zlei
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D38243
---
 usr.sbin/unbound/setup/local-unbound-setup.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr.sbin/unbound/setup/local-unbound-setup.sh b/usr.sbin/unbound/setup/local-unbound-setup.sh
index 3be78339b0ba..dc0768a672a6 100755
--- a/usr.sbin/unbound/setup/local-unbound-setup.sh
+++ b/usr.sbin/unbound/setup/local-unbound-setup.sh
@@ -260,7 +260,7 @@ gen_unbound_conf() {
 	echo "        pidfile: ${pidfile}"
 	echo "        auto-trust-anchor-file: ${anchor}"
 	if [ "${use_tls}" = "yes" ] ; then
-		echo "        tls-cert-bundle: /etc/ssl/cert.pem"
+		echo "        tls-system-cert: yes"
 	fi
 	echo ""
 	if [ -f "${forward_conf}" ] ; then