[openssl-dev] [openssl.org #4285] SSL_CTX_load_verify_locations() fails without error with invalid files
Timo Sirainen via RT
rt at openssl.org
Mon Feb 1 20:56:28 UTC 2016
If loaded file isn't valid, SSL_CTX_load_verify_locations() returns 0,
but ERR_get_error() reports 0.
Debian unstable
Version: 1.0.2f-2
Example:
// create "empty-file" by e.g. touching it (or containing whatever garbage)
#include <openssl/ssl.h>
#include <openssl/err.h>
int main(void)
{
SSL_CTX *ssl_ctx;
SSL_library_init();
SSL_load_error_strings();
ssl_ctx = SSL_CTX_new(SSLv23_server_method());
if (!SSL_CTX_load_verify_locations(ssl_ctx, "empty-file", NULL)) {
printf("error = %lu\n", ERR_get_error());
}
return 0;
}
More information about the openssl-dev
mailing list