[openssl-dev] [openssl.org #4285] SSL_CTX_load_verify_locations() fails without error with invalid files

Timo Sirainen via RT rt at openssl.org
Mon Feb 1 20:56:28 UTC 2016


If the loaded file isn't valid, SSL_CTX_load_verify_locations() returns 0,
but ERR_get_error() reports 0.

Debian unstable
Version: 1.0.2f-2

Example:

// create "empty-file" by e.g. touching it (or containing whatever garbage)
#include <stdio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

int main(void)
{
    SSL_CTX *ssl_ctx;

    SSL_library_init();
    SSL_load_error_strings();

    ssl_ctx = SSL_CTX_new(SSLv23_server_method());
    // the load fails (returns 0), yet the error queue is empty
    if (!SSL_CTX_load_verify_locations(ssl_ctx, "empty-file", NULL)) {
        printf("error = %lu\n", ERR_get_error());
    }
    return 0;
}
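
A pre-check an application could run on a CA file so that an empty or garbage file yields a usable diagnostic even when ERR_get_error() returns 0 after the failed load. This is an added example, not part of the original post or of OpenSSL: classify_ca_file(), is_pem_header() and the status codes are hypothetical names, and the header list is an assumed heuristic that only looks for certificate and CRL PEM header lines without parsing them.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example (not an OpenSSL API). */
enum ca_file_status {
    CA_FILE_UNREADABLE = -1, /* cannot open or read the file */
    CA_FILE_EMPTY = 0,       /* zero bytes, e.g. created with touch */
    CA_FILE_NO_PEM = 1,      /* has data but no certificate/CRL header */
    CA_FILE_HAS_PEM = 2      /* at least one certificate/CRL header line */
};

/* Return 1 if a line starts with a certificate or CRL PEM header. */
static int is_pem_header(const char *buf, size_t len)
{
    static const char *const headers[] = { /* assumed list for this example */
        "-----BEGIN CERTIFICATE-----", "-----BEGIN TRUSTED CERTIFICATE-----",
        "-----BEGIN X509 CERTIFICATE-----", "-----BEGIN X509 CRL-----",
    };
    for (size_t i = 0; i < sizeof(headers) / sizeof(headers[0]); i++) {
        size_t hlen = strlen(headers[i]);
        if (len >= hlen && memcmp(buf, headers[i], hlen) == 0)
            return 1;
    }
    return 0;
}

/* Heuristic scan: counts header lines only, does not decode or validate. */
enum ca_file_status classify_ca_file(const char *path, int *objects)
{
    char prefix[64];             /* first bytes of the current line */
    size_t len = 0;
    long total = 0;
    int c, failed;
    FILE *fp = fopen(path, "rb");
    *objects = 0;
    if (fp == NULL) return CA_FILE_UNREADABLE;
    while ((c = getc(fp)) != EOF) {
        total++;
        if (c == '\n') {
            *objects += is_pem_header(prefix, len);
            len = 0;
        } else if (len < sizeof(prefix)) {
            prefix[len++] = (char)c;
        }
    }
    *objects += is_pem_header(prefix, len);  /* last line without newline */
    failed = ferror(fp);
    fclose(fp);
    if (failed) return CA_FILE_UNREADABLE;
    if (total == 0) return CA_FILE_EMPTY;
    return *objects > 0 ? CA_FILE_HAS_PEM : CA_FILE_NO_PEM;
}
```

A caller would log the returned status next to the 0 return from SSL_CTX_load_verify_locations() and refuse to start with an unusable trust store.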