Commit fe9b85c3 authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix bug in s_client. Previously default verify locations would only be loaded 


if CAfile or CApath were also supplied and successfully loaded first.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(cherry picked from commit 70e5fd87)
parent 42c9c710

apps/s_client.c

+5 −6
Original line number Diff line number Diff line
@@ -1177,13 +1177,12 @@ int MAIN(int argc, char **argv) 
    if (!set_cert_key_stuff(ctx, cert, key))

        goto end;



    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||

        (!SSL_CTX_set_default_verify_paths(ctx))) {

        /*

         * BIO_printf(bio_err,"error setting default verify locations\n");

         */

    if ((CAfile || CApath)

        && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {

        ERR_print_errors(bio_err);

    }

    if (!SSL_CTX_set_default_verify_paths(ctx)) {

        ERR_print_errors(bio_err);

        /* goto end; */

    }

#ifndef OPENSSL_NO_TLSEXT

    if (servername != NULL) {