generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix bug in s_client. Previously default verify locations would only be loaded

Browse Source 
if CAfile or CApath were also supplied and successfully loaded first.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 70e5fd8778)
This commit is contained in:
Matt Caswell
2015-02-25 11:30:43 +00:00
parent 42c9c7103c
commit fe9b85c3cb
1 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
apps/s_client.c
View File

@@ -1177,13 +1177,12 @@ int MAIN(int argc, char **argv)
if (!set_cert_key_stuff(ctx, cert, key)) if (!set_cert_key_stuff(ctx, cert, key))
goto end; goto end;
if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || if ((CAfile || CApath)
(!SSL_CTX_set_default_verify_paths(ctx))) { && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
/* ERR_print_errors(bio_err);
* BIO_printf(bio_err,"error setting default verify locations\n"); }
*/ if (!SSL_CTX_set_default_verify_paths(ctx)) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
/* goto end; */
} }
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
if (servername != NULL) { if (servername != NULL) {