Commit 8338cf0b authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix bug in s_client. Previously default verify locations would only be loaded 


if CAfile or CApath were also supplied and successfully loaded first.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent ddbf312f

apps/s_client.c

+5 −6
Original line number Diff line number Diff line
@@ -1336,13 +1336,12 @@ int MAIN(int argc, char **argv) 


    SSL_CTX_set_verify(ctx, verify, verify_callback);



    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||

        (!SSL_CTX_set_default_verify_paths(ctx))) {

        /*

         * BIO_printf(bio_err,"error setting default verify locations\n");

         */

    if ((CAfile || CApath)

        && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {

        ERR_print_errors(bio_err);

    }

    if (!SSL_CTX_set_default_verify_paths(ctx)) {

        ERR_print_errors(bio_err);

        /* goto end; */

    }



    ssl_ctx_add_crls(ctx, crls, crl_download);