diff options
author | Matt Caswell <matt@openssl.org> | 2015-02-25 11:30:43 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-03-25 13:07:31 +0000 |
commit | 8338cf0bdb9a5b17cd46a0bf8f58c15f10960586 (patch) | |
tree | 09eca31fec1f9802702ab474ea4047da3ce44d30 /apps | |
parent | ddbf312fb4ae31eb2e87af736e0a3b5b347d736a (diff) |
Fix bug in s_client. Previously default verify locations would only be loaded
if CAfile or CApath were also supplied and successfully loaded first.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'apps')
-rw-r--r-- | apps/s_client.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index 8fa2b737aa..6c244acfad 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1336,13 +1336,12 @@ int MAIN(int argc, char **argv) SSL_CTX_set_verify(ctx, verify, verify_callback); - if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx))) { - /* - * BIO_printf(bio_err,"error setting default verify locations\n"); - */ + if ((CAfile || CApath) + && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) { + ERR_print_errors(bio_err); + } + if (!SSL_CTX_set_default_verify_paths(ctx)) { ERR_print_errors(bio_err); - /* goto end; */ } ssl_ctx_add_crls(ctx, crls, crl_download); |