[openssl-dev] [Bug] apps: -CApath does not fail for non-directories (on Linux)

Steffen Nurpmeso steffen at sdaoden.eu
Wed Mar 1 16:46:40 UTC 2017

Sorry for the late reply, this really is a slow machine (and
i cleanup again completely anything once it is installed, _and_
the tests compile a long time even if not run)..

"Salz, Rich" <rsalz at akamai.com> wrote:
 |> I am sorry, but i have no github account.  Maybe it is possible to \
 |> have some
 |> @bug address which creates issues automatically?
 |Nah, too much spam will happen :(  Posting to openssl-dev is fine.

Ok, good.

 |>   ? openssl version
 |>   OpenSSL 1.0.2k  26 Jan 2017
 |>   ? /home/steffen/usr/opt/.ssl-1.1.0/bin/openssl version
 |>   OpenSSL 1.1.0  25 Aug 2016
 |So this happens on both 1.0.2 and 1.1.0?
 |Does the following patch fix it for 1.1.0?

No, not that i know.  But this -- thanks -- lead me to the
following, which is the KISS that you want?

diff --git a/apps/apps.c b/apps/apps.c
index 216bc797d..3afbbaef2 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1221,7 +1221,8 @@ X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, i
         if (lookup == NULL)
             goto end;
         if (CApath) {
-            if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
+            if (!app_isdir(CApath) ||
+                    !X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
                 BIO_printf(bio_err, "Error loading directory %s\n", CApath);
                 goto end;


More information about the openssl-dev mailing list