On Sun, Dec 28, 2014 at 16:15, Brian Curran wrote: > OpenBSD 5.6, LibreSSL 2.0. > > Passing any arbitrary value to the -CApath flag of openssl s_client > appears to successfully verify the server certificate. To reproduce:
Only because even in the case where /asdf doesn't exist, the default of /etc/ssl is still used. If, for example, you remove cert.pem from /etc/ssl, you'll see that verify returns 0. Still a bug, probably, but less catastrophic. :)
