What appears to be happening is that when CApath is set to anything, it
will actually fall back to '${OPENSSLDIR}/certs' and succeed, if the
required cert hashes are not found at the CApath specified on the CLI.
But by default, only the CAfile codepath is activated, and the default
CAfile is set to '${OPENSSLDIR}/cert.pem', which is completely useless.
If the default CAfile was set to '${OPENSSLDIR}/certs/ca-
certificates.crt' at build time, things would work as expected for
pretty much everyone.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/396818
Title:
openssl s_client behaves strangely without CAPath
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/396818/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
