In apps/s_client.c there is an invalid if-clause:
if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(ctx))) {
/*
* BIO_printf(bio_err,"error setting default
verify locations\n");
*/
ERR_print_errors(bio_err);
/* goto end; */
}
Function SSL_CTX_set_default_verify_paths is never called if both CAfile and
CApath are NULL, because in file crypto/x509/x509_d2.c the function
X509_STORE_load_locations returns 0 in such case.
There seems to be something odd with the X509_STORE_load_locations function,
as everywhere else where it is called (it has wrapper
SSL_CTX_load_verify_locations), both the path and file are checked, so they
are never both NULL, but still that condition is checked inside the function.
--
Pertti Karppinen
Email [email protected]
Online Solutions Oy - http://www.online.fi/
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
