Please, see my pull request on GitHub: https://github.com/openssl/openssl/pull/170 Description from the pull request:
This commit has security implications for simple clients that use openssl s_client. To demostrate the issue described in the commit message do: openssl s_client -connect github.com:443 -verify_return_error -quiet -verify 100 -CAfile my_ca.pem Where my_ca.pem is any certificate file other than the one that actually signed github's cert. This should fail, but it currently succeeds. This pull request fixes that. Together with the annoyance that if you don't specify a CAfile in the above command it fails, though it should have succeeded. :) Discovered and debugged together with @errge. The intention was obviously to use the user-specified CAfile and CApath and if that fails (eg. user didn't specify anything) to use the defaults. Having || instead of && has two implications: 1. If the user doesn't specify anything, we don't use the defaults, so verification will always fail. This is mostly a nuisance. 2. If the user does specify something for CAfile or CApath, we will load the defaults too. Which have security implications: A simple client implementation with openssl s_client that wants to check that it's talking to the right server by specifying a private CAfile fails to achieve the promised security (as the server's certificate will also be checked against the default CA list). Best, Mihaly Barasz ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org