Fix bug in s_client. Previously default verify locations would only be loaded

if CAfile or CApath were also supplied and successfully loaded first. Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-02-25 11:30:43 +0000
committer: Matt Caswell <matt@openssl.org> 2015-03-25 13:07:31 +0000
commit: 8338cf0bdb9a5b17cd46a0bf8f58c15f10960586 (patch)
tree: 09eca31fec1f9802702ab474ea4047da3ce44d30
parent: ddbf312fb4ae31eb2e87af736e0a3b5b347d736a (diff)
1 files changed, 5 insertions, 6 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index 8fa2b737aa..6c244acfad 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1336,13 +1336,12 @@ int MAIN(int argc, char **argv)
 
     SSL_CTX_set_verify(ctx, verify, verify_callback);
 
-    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
-        (!SSL_CTX_set_default_verify_paths(ctx))) {
-        /*
-         * BIO_printf(bio_err,"error setting default verify locations\n");
-         */
+    if ((CAfile || CApath)
+        && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
+        ERR_print_errors(bio_err);
+    }
+    if (!SSL_CTX_set_default_verify_paths(ctx)) {
         ERR_print_errors(bio_err);
-        /* goto end; */
     }
 
     ssl_ctx_add_crls(ctx, crls, crl_download);
author	Matt Caswell <matt@openssl.org>	2015-02-25 11:30:43 +0000
committer	Matt Caswell <matt@openssl.org>	2015-03-25 13:07:31 +0000
commit	8338cf0bdb9a5b17cd46a0bf8f58c15f10960586 (patch)
tree	09eca31fec1f9802702ab474ea4047da3ce44d30
parent	ddbf312fb4ae31eb2e87af736e0a3b5b347d736a (diff)