Make sure using SSL_CERT_FILE actually works, and has priority over system defaults.

PR: 376

1 files changed, 9 insertions, 8 deletions

diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index 92e00d2d73..d8731d4e51 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -100,18 +100,19 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
 	case X509_L_FILE_LOAD:
 		if (argl == X509_FILETYPE_DEFAULT)
 			{
-			ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
-				X509_FILETYPE_PEM) != 0);
+			file = (char *)Getenv(X509_get_default_cert_file_env());
+			if (file)
+				ok = (X509_load_cert_crl_file(ctx,file,
+					      X509_FILETYPE_PEM) != 0);
+
+			if (!ok)
+				ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
+					      X509_FILETYPE_PEM) != 0);
+
 			if (!ok)
 				{
 				X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
 				}
-			else
-				{
-				file=(char *)Getenv(X509_get_default_cert_file_env());
-				ok = (X509_load_cert_crl_file(ctx,file,
-					X509_FILETYPE_PEM) != 0);
-				}
 			}
 		else
 			{