diff options
author | Matt Caswell <matt@openssl.org> | 2015-02-25 11:30:43 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-03-25 13:03:57 +0000 |
commit | 70e5fd877890489a3972bf8bf50bfec1fca3875e (patch) | |
tree | 8f61626b54eb4c8cd87a97b733f9dad32b03d11f /apps/s_client.c | |
parent | c62e94d805fa2900a0d6d723715aaf45f75b6c14 (diff) | |
download | openssl-70e5fd877890489a3972bf8bf50bfec1fca3875e.tar.gz |
Fix bug in s_client. Previously default verify locations would only be loaded
if CAfile or CApath were also supplied and successfully loaded first.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'apps/s_client.c')
-rw-r--r-- | apps/s_client.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/apps/s_client.c b/apps/s_client.c index c02ed3c0e5..cdea32280c 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1352,13 +1352,12 @@ int MAIN(int argc, char **argv) SSL_CTX_set_verify(ctx, verify, verify_callback); - if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx))) { - /* - * BIO_printf(bio_err,"error setting default verify locations\n"); - */ + if ((CAfile || CApath) + && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) { + ERR_print_errors(bio_err); + } + if (!SSL_CTX_set_default_verify_paths(ctx)) { ERR_print_errors(bio_err); - /* goto end; */ } ssl_ctx_add_crls(ctx, crls, crl_download); |