On 11 January 2014 12:17, Florian Zumbiehl via RT <r...@openssl.org> wrote:

> Hi,
>
> > So in that case it should try only the user's option if the user gave a
> > -CApath or -CAfile, and otherwise the default option?
>
> well, I am not an OpenSSL dev, but that's the behaviour I would consider
> correct, yeah.
>
> > The suggestion above has the advantage that it does not require
> > SSL_CTX_load_verify_locations to be changed (as its behavior of failing
> > when CApath and CAfile are both NULL is documented). However, if it were
> > changed, then the code above would still work.
>
> Yeah, I didn't mean to imply that SSL_CTX_load_verify_locations() should be
> changed, for the reason you mention, just pointing out that the behaviour
> doesn't really make sense ...
>
> > The correct behavior is, as I hope I've made clear, outside my competence
> > to decide, but I'm quite happy to work up an acceptable patch if guided as
> > to what exactly it should implement.
>
> Thanks for the work, that bug did have me scratch my head a while ago (I
> used socat instead then, they manage to get it right), it wouldn't hurt to
> get that fixed ...
>

Jolly good!

Could we please have an opinion from a developer willing to define and push
an acceptable patch?

-- 
http://rrt.sc3d.org
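
An added example, not part of the thread and not OpenSSL's own code: the behaviour discussed above (use only the user's CAfile/CApath when one is given, otherwise the defaults), shown through Python's ssl module, whose load_verify_locations() and set_default_verify_paths() wrap the OpenSSL calls in question. configure_trust and demo are hypothetical helpers, and the empty directory and missing file are constructed inputs.

```python
import os
import ssl
import tempfile


def configure_trust(ctx, cafile=None, capath=None):
    """Load trust anchors into ctx and report which source was used.

    Hypothetical helper: explicit locations are used alone; the built-in
    default paths are consulted only when the caller supplied neither.
    """
    if cafile is not None or capath is not None:
        # Wraps SSL_CTX_load_verify_locations(). Errors propagate, so a bad
        # user-supplied path never silently falls back to the default store.
        ctx.load_verify_locations(cafile=cafile, capath=capath)
        return "explicit"
    # Wraps SSL_CTX_set_default_verify_paths().
    ctx.set_default_verify_paths()
    return "default"


def demo():
    """Exercise the three cases and return what happened in each."""
    results = {}
    results["none_given"] = configure_trust(ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT))
    # Constructed input: an empty directory standing in for a user's -CApath.
    with tempfile.TemporaryDirectory() as empty_capath:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        results["capath_given"] = configure_trust(ctx, capath=empty_capath)
        # No CA certificates were pulled in from the default locations.
        results["ca_count"] = ctx.cert_store_stats()["x509_ca"]
        # Constructed input: a -CAfile that does not exist.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        try:
            configure_trust(ctx, cafile=os.path.join(empty_capath, "missing.pem"))
            results["missing_cafile"] = "loaded"
        except OSError:
            # The failure is reported and the store stays empty.
            results["missing_cafile"] = "error"
        results["ca_count_after_error"] = ctx.cert_store_stats()["x509_ca"]
    return results


if __name__ == "__main__":
    print(demo())
```
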
