Make sure using SSL_CERT_FILE actually works, and has priority over system defaults.

PR: 376
author: Richard Levitte <levitte@openssl.org> 2002-12-05 01:20:53 +0000
committer: Richard Levitte <levitte@openssl.org> 2002-12-05 01:20:53 +0000
commit: 3124dd9c13ff6ba14899fa231fe22604c1381f45 (patch)
tree: 8ad0f01fe547109d010cb34b8c5a5b89e72792ac
parent: e5040378dfb831e7cb6ba020f20e42b53ed0053e (diff)
download: openssl-3124dd9c13ff6ba14899fa231fe22604c1381f45.tar.gz
1 files changed, 9 insertions, 8 deletions
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index 78e9240a8d..05a3a0293b 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -100,18 +100,19 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
 	case X509_L_FILE_LOAD:
 		if (argl == X509_FILETYPE_DEFAULT)
 			{
-			ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
-				X509_FILETYPE_PEM) != 0);
+			file = (char *)Getenv(X509_get_default_cert_file_env());
+			if (file)
+				ok = (X509_load_cert_crl_file(ctx,file,
+					      X509_FILETYPE_PEM) != 0);
+
+			if (!ok)
+				ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
+					      X509_FILETYPE_PEM) != 0);
+
 			if (!ok)
 				{
 				X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
 				}
-			else
-				{
-				file=(char *)Getenv(X509_get_default_cert_file_env());
-				ok = (X509_load_cert_crl_file(ctx,file,
-					X509_FILETYPE_PEM) != 0);
-				}
 			}
 		else
 			{
author	Richard Levitte <levitte@openssl.org>	2002-12-05 01:20:53 +0000
committer	Richard Levitte <levitte@openssl.org>	2002-12-05 01:20:53 +0000
commit	3124dd9c13ff6ba14899fa231fe22604c1381f45 (patch)
tree	8ad0f01fe547109d010cb34b8c5a5b89e72792ac
parent	e5040378dfb831e7cb6ba020f20e42b53ed0053e (diff)
download	openssl-3124dd9c13ff6ba14899fa231fe22604c1381f45.tar.gz