Because you are saying: if there are any errors in the file named by $SSL_CERT_FILE, then I'll pretend $SSL_CERT_FILE wasn't set.If the file pointed at with SSL_CERT_FILE is faulty in any way, the code will fall back to the built-in default. If that fails, an error is generated. How much does that differ from what you said?
I think that's bad.
For the semantics you have, the environment variable should be named "SSL_CERT_FILE_TRY_HERE_PLEASE" :)
/r$
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]