Fix bug in s_client. Previously default verify locations would only be loaded

if CAfile or CApath were also supplied and successfully loaded first. Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-02-25 11:30:43 +0000
committer: Matt Caswell <matt@openssl.org> 2015-03-25 13:03:57 +0000
commit: 70e5fd877890489a3972bf8bf50bfec1fca3875e (patch)
tree: 8f61626b54eb4c8cd87a97b733f9dad32b03d11f /apps
parent: c62e94d805fa2900a0d6d723715aaf45f75b6c14 (diff)
download: openssl-70e5fd877890489a3972bf8bf50bfec1fca3875e.tar.gz
1 files changed, 5 insertions, 6 deletions
diff --git a/apps/s_client.c b/apps/s_client.c
index c02ed3c0e5..cdea32280c 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1352,13 +1352,12 @@ int MAIN(int argc, char **argv)
 
     SSL_CTX_set_verify(ctx, verify, verify_callback);
 
-    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
-        (!SSL_CTX_set_default_verify_paths(ctx))) {
-        /*
-         * BIO_printf(bio_err,"error setting default verify locations\n");
-         */
+    if ((CAfile || CApath)
+        && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
+        ERR_print_errors(bio_err);
+    }
+    if (!SSL_CTX_set_default_verify_paths(ctx)) {
         ERR_print_errors(bio_err);
-        /* goto end; */
     }
 
     ssl_ctx_add_crls(ctx, crls, crl_download);
author	Matt Caswell <matt@openssl.org>	2015-02-25 11:30:43 +0000
committer	Matt Caswell <matt@openssl.org>	2015-03-25 13:03:57 +0000
commit	70e5fd877890489a3972bf8bf50bfec1fca3875e (patch)
tree	8f61626b54eb4c8cd87a97b733f9dad32b03d11f /apps
parent	c62e94d805fa2900a0d6d723715aaf45f75b6c14 (diff)
download	openssl-70e5fd877890489a3972bf8bf50bfec1fca3875e.tar.gz