The following command always fails. I believe this behaviour is not what we
want. I have attached a patch against s_client, s_server and s_time. Other
commands might also suffer from the same problem.

openssl s_client -verify 0 -connect somewhere

diff -Nru openssl-SNAP-20040330.orig/apps/s_client.c 
openssl-SNAP-20040330/apps/s_client.c
--- openssl-SNAP-20040330.orig/apps/s_client.c  Fri Nov 28 23:00:09 2003
+++ openssl-SNAP-20040330/apps/s_client.c       Tue Mar 30 19:22:45 2004
@@ -502,7 +502,8 @@
        if (!set_cert_stuff(ctx,cert_file,key_file))
                goto end;
 
-       if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+       if ((!(CAfile == NULL && CApath == NULL) &&
+                   !SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
                (!SSL_CTX_set_default_verify_paths(ctx)))
                {
                /* BIO_printf(bio_err,"error setting default verify locations\n"); */
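Review bot: In this condition (and identically in the s_server.c and s_time.c hunks) a failure to load a CAfile/CApath that the operator passed explicitly still lands in the same branch as a default-path failure, and the only message visible there is commented out, so the two cases cannot be told apart. Because a trust store that differs from the one requested changes which peer certificates verify, I would test the explicit load on its own and report it, e.g. `if ((CAfile != NULL || CApath != NULL) && !SSL_CTX_load_verify_locations(ctx,CAfile,CApath))` followed by `BIO_printf(bio_err,"error loading CAfile/CApath\n");`, before the default-path check. The `(CAfile != NULL || CApath != NULL)` form also reads more directly than the negated conjunction, and a short comment such as `/* load_verify_locations fails when both arguments are NULL */` would record why the guard exists. The body of the error branch continues outside the hunk, so whether it aborts or carries on cannot be confirmed from here.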
diff -Nru openssl-SNAP-20040330.orig/apps/s_server.c 
openssl-SNAP-20040330/apps/s_server.c
--- openssl-SNAP-20040330.orig/apps/s_server.c  Fri Nov 28 23:00:09 2003
+++ openssl-SNAP-20040330/apps/s_server.c       Tue Mar 30 19:23:13 2004
@@ -814,7 +814,8 @@
                }
 #endif
 
-       if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+       if ((!(CAfile == NULL && CApath == NULL) &&
+                   !SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
                (!SSL_CTX_set_default_verify_paths(ctx)))
                {
                /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
diff -Nru openssl-SNAP-20040330.orig/apps/s_time.c openssl-SNAP-20040330/apps/s_time.c
--- openssl-SNAP-20040330.orig/apps/s_time.c    Sun Dec 28 00:00:40 2003
+++ openssl-SNAP-20040330/apps/s_time.c Tue Mar 30 19:22:14 2004
@@ -476,7 +476,8 @@
 
        SSL_load_error_strings();
 
-       if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
+       if ((!(CAfile == NULL && CApath == NULL) &&
+                   !SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
                (!SSL_CTX_set_default_verify_paths(tm_ctx)))
                {
                /* BIO_printf(bio_err,"error setting default verify locations\n"); */
