use of SSL_CTX_load_verify_locations() in s_client

Ludwig Nussel Tue, 23 Feb 2010 09:15:15 -0800

Hi,

Ralf Haferkamp noticed that several programs using openssl contain
some weird piece of code that seems to originate to apps/s_client.c:


if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
        (!SSL_CTX_set_default_verify_paths(ctx)))
        {
        /* BIO_printf(bio_err,"error setting default verify locations\n"); */
        ERR_print_errors(bio_err);
        /* goto end; */
        }

SSL_CTX_load_verify_locations() returns zero on failure or if both
arguments are NULL. Therefore SSL_CTX_set_default_verify_paths()
actually only gets called if SSL_CTX_load_verify_locations()
succeeds which doesn't make much sense.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

use of SSL_CTX_load_verify_locations() in s_client

Reply via email to