[openssl-dev] [openssl.org #3697] Bug in s_client with loading of default certificates
Pertti Karppinen via RT
rt at openssl.org
Fri Feb 13 14:07:08 UTC 2015
In apps/s_client.c there is an invalid if-clause:

    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
        (!SSL_CTX_set_default_verify_paths(ctx))) {
        /*
         * BIO_printf(bio_err,"error setting default verify locations\n");
         */
        ERR_print_errors(bio_err);
        /* goto end; */
    }

The function SSL_CTX_set_default_verify_paths is never called if both CAfile and
CApath are NULL, because in file crypto/x509/x509_d2.c the function
X509_STORE_load_locations returns 0 in such a case.

There seems to be something odd with the X509_STORE_load_locations function,
as everywhere else where it is called (it has the wrapper
SSL_CTX_load_verify_locations), both the path and file are checked, so they
are never both NULL, but still that condition is checked inside the function.
--
Pertti Karppinen
Email pertti.karppinen at online.fi
Online Solutions Oy - http://www.online.fi/
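
The control flow described in the report, as an added example that is not part of the original message or of OpenSSL's code. The `model_*` functions and `SRC_*` flags are hypothetical stand-ins for the two `SSL_CTX_*` calls (the first returns 0 when both arguments are NULL, as the report states), and `sources_restructured` is one assumed reordering, not the project's fix.

```c
#include <stddef.h>
#include <stdio.h>
/* Hypothetical flags recording which trust sources were configured. */
enum { SRC_EXPLICIT = 1, SRC_DEFAULT = 2 };

/* Stand-in for SSL_CTX_load_verify_locations: per the report, the
 * underlying X509_STORE_load_locations returns 0 when both are NULL. */
static int model_load_verify_locations(int *src, const char *CAfile,
                                       const char *CApath)
{
    if (CAfile == NULL && CApath == NULL)
        return 0;
    *src |= SRC_EXPLICIT;
    return 1;
}

/* Stand-in for SSL_CTX_set_default_verify_paths. */
static int model_set_default_verify_paths(int *src)
{
    *src |= SRC_DEFAULT;
    return 1;
}

/* Condition shaped as in the report: || short-circuits on the first 0. */
int sources_as_reported(const char *CAfile, const char *CApath)
{
    int src = 0;
    if ((!model_load_verify_locations(&src, CAfile, CApath)) ||
        (!model_set_default_verify_paths(&src))) {
        /* s_client only prints the error queue here and carries on */
    }
    return src;
}

/* Assumed restructuring: explicit locations only when given, defaults always. */
int sources_restructured(const char *CAfile, const char *CApath)
{
    int src = 0;
    if ((CAfile != NULL || CApath != NULL) &&
        !model_load_verify_locations(&src, CAfile, CApath))
        return -1;              /* explicit locations failed to load */
    return model_set_default_verify_paths(&src) ? src : -1;
}

int main(void)
{
    printf("as reported: %d, restructured: %d\n",
           sources_as_reported(NULL, NULL), sources_restructured(NULL, NULL));
    return 0;
}
```

With no CAfile and no CApath the reported form returns 0, meaning the model context ends up with no trust source at all, while the restructured form still loads the defaults.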