Document CA file & dir compiler options

and fix a trivia typo

Makefile

@@ -26,6 +26,12 @@ OPTFLAGS += -DSETPROCTITLE -DSPT_TYPE=2
 # DARWIN
 #OPTFLAGS += -DDARWIN
 
+# DARWIN, continued, if compiling for macOS with Homebrew
+#CFLAGS += -I/usr/local/opt/openssl/include
+#LDFLAGS += -L/usr/local/opt/openssl/lib
+#OPTFLAGS += -DDEFAULT_CA_FILE='"/usr/local/etc/openssl@1.1/cacert.pem"'
+#OPTFLAGS += -DDEFAULT_CA_DIR=NULL
+
 # CYGWIN
 #OPTFLAGS += -DCYGWIN
 

docs/proxytunnel.1.adoc

@@ -69,7 +69,8 @@ also be used for other proxy-traversing purposes like proxy bouncing.
 *-C*, *--cacert*=_filename/directory_::
     Specify a CA certificate file (or directory containing CA certificate(s))
     to trust when verifying a server SSL certificate. If a directory is provided,
-    it must be prepared with OpenSSL's c_rehash tool. (default: /etc/ssl/certs)
+    it must be prepared with OpenSSL's c_rehash tool. (default, unless changed at
+    compile time using DEFAULT_CA_FILE or DEFAULT_CA_DIR options: /etc/ssl/certs)
 
 *-F*, *--passfile*=_filename_::
     Use _filename_ for reading username and password for HTTPS proxy

ptstream.c

@@ -266,7 +266,7 @@ int stream_enable_ssl(PTSTREAM *pts, const char *proxy_arg) {
 #ifndef DEFAULT_CA_FILE
 	const char *ca_file = NULL;
 #else
-	const char *ca_file = DEFAULT_CA_FILE; /* Default cert file from in Makefile */
+	const char *ca_file = DEFAULT_CA_FILE; /* Default cert file from Makefile */
 #endif /* !DEFAULT_CA_FILE */
 #ifndef DEFAULT_CA_DIR
 	const char *ca_dir = "/etc/ssl/certs/"; /* Default cert directory if none given */