[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Matt Caswell
matt at openssl.org
Wed Mar 25 13:11:07 UTC 2015
The branch OpenSSL_1_0_2-stable has been updated
via 8338cf0bdb9a5b17cd46a0bf8f58c15f10960586 (commit)
from ddbf312fb4ae31eb2e87af736e0a3b5b347d736a (commit)
- Log -----------------------------------------------------------------
commit 8338cf0bdb9a5b17cd46a0bf8f58c15f10960586
Author: Matt Caswell <matt at openssl.org>
Date: Wed Feb 25 11:30:43 2015 +0000
Fix bug in s_client. Previously default verify locations would only be loaded
if CAfile or CApath were also supplied and successfully loaded first.
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/s_client.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/apps/s_client.c b/apps/s_client.c
index 8fa2b73..6c244ac 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1336,13 +1336,12 @@ int MAIN(int argc, char **argv)
SSL_CTX_set_verify(ctx, verify, verify_callback);
- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx))) {
- /*
- * BIO_printf(bio_err,"error setting default verify locations\n");
- */
+ if ((CAfile || CApath)
+ && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
+ ERR_print_errors(bio_err);
+ }
+ if (!SSL_CTX_set_default_verify_paths(ctx)) {
ERR_print_errors(bio_err);
- /* goto end; */
}
ssl_ctx_add_crls(ctx, crls, crl_download);
More information about the openssl-commits
mailing list