From: Matt Caswell Date: Wed, 25 Feb 2015 11:30:43 +0000 (+0000) Subject: Fix bug in s_client. Previously default verify locations would only be loaded X-Git-Tag: OpenSSL_1_1_0-pre1~1448 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=70e5fd877890489a3972bf8bf50bfec1fca3875e;p=oweals%2Fopenssl.git Fix bug in s_client. Previously default verify locations would only be loaded if CAfile or CApath were also supplied and successfully loaded first. Reviewed-by: Richard Levitte --- diff --git a/apps/s_client.c b/apps/s_client.c index c02ed3c0e5..cdea32280c 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1352,13 +1352,12 @@ int MAIN(int argc, char **argv) SSL_CTX_set_verify(ctx, verify, verify_callback); - if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx))) { - /* - * BIO_printf(bio_err,"error setting default verify locations\n"); - */ + if ((CAfile || CApath) + && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) { + ERR_print_errors(bio_err); + } + if (!SSL_CTX_set_default_verify_paths(ctx)) { ERR_print_errors(bio_err); - /* goto end; */ } ssl_ctx_add_crls(ctx, crls, crl_download);