[openssl-commits] [openssl] OpenSSL_1_0_1-stable update

Matt Caswell matt at openssl.org
Wed Mar 25 13:10:54 UTC 2015


The branch OpenSSL_1_0_1-stable has been updated
       via  fe9b85c3cb79f1e29e61f01de105b34ce8177190 (commit)
      from  42c9c7103c8e7fd73dafa0500120f8e34fd659c3 (commit)


- Log -----------------------------------------------------------------
commit fe9b85c3cb79f1e29e61f01de105b34ce8177190
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Feb 25 11:30:43 2015 +0000

    Fix bug in s_client. Previously default verify locations would only be loaded
    if CAfile or CApath were also supplied and successfully loaded first.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (cherry picked from commit 70e5fd877890489a3972bf8bf50bfec1fca3875e)

-----------------------------------------------------------------------

Summary of changes:
 apps/s_client.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index ef41cec..1f37239 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1177,13 +1177,12 @@ int MAIN(int argc, char **argv)
     if (!set_cert_key_stuff(ctx, cert, key))
         goto end;
 
-    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
-        (!SSL_CTX_set_default_verify_paths(ctx))) {
-        /*
-         * BIO_printf(bio_err,"error setting default verify locations\n");
-         */
+    if ((CAfile || CApath)
+        && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
+        ERR_print_errors(bio_err);
+    }
+    if (!SSL_CTX_set_default_verify_paths(ctx)) {
         ERR_print_errors(bio_err);
-        /* goto end; */
     }
 #ifndef OPENSSL_NO_TLSEXT
     if (servername != NULL) {


More information about the openssl-commits mailing list