diff options
author | Rob Percival <robpercival@google.com> | 2016-03-04 19:06:43 +0000 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-03-09 13:07:09 -0500 |
commit | 328f36c5c51994391363162b76c94819f9a12ae0 (patch) | |
tree | 1c08ac98876a0d79ca8293fbc52e82b1b3f124fe /apps | |
parent | 60b350a3ef9620866a43358ecd1874c6fc482d9c (diff) |
Do not display a CT log error message if CT validation is disabled
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'apps')
-rw-r--r-- | apps/apps.c | 6 | ||||
-rw-r--r-- | apps/s_client.c | 14 |
2 files changed, 13 insertions, 7 deletions
diff --git a/apps/apps.c b/apps/apps.c index 4e2322d7a7..9bbb39e139 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -238,11 +238,7 @@ int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile, int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path) { if (path == NULL) { - if (SSL_CTX_set_default_ctlog_list_file(ctx) <= 0) { - BIO_puts(bio_err, "Failed to load default Certificate Transparency " - "log list\n"); - } - return 1; /* Do not treat failure to load the default as an error */ + return SSL_CTX_set_default_ctlog_list_file(ctx); } return SSL_CTX_set_ctlog_list_file(ctx, path); diff --git a/apps/s_client.c b/apps/s_client.c index 25f51487f1..cf238c795b 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1670,8 +1670,18 @@ int s_client_main(int argc, char **argv) } if (!ctx_set_ctlog_list_file(ctx, ctlog_file)) { - ERR_print_errors(bio_err); - goto end; + if (ct_validation != NULL) { + ERR_print_errors(bio_err); + goto end; + } + + /* + * If CT validation is not enabled, the log list isn't needed so don't + * show errors or abort. We try to load it regardless because then we + * can show the names of the logs any SCTs came from (SCTs may be seen + * even with validation disabled). + */ + ERR_clear_error(); } #endif |