This is a fix for OpenSSL tickets #977 and #3213, loosely based on patch from Reuben Thomas from #3213. --- src/apps/s_client.c | 5 +++-- src/apps/s_server.c | 10 ++++++---- src/apps/s_time.c | 5 +++-- 3 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/src/apps/s_client.c b/src/apps/s_client.c index f693d10..3ffedcc 100644 --- a/src/apps/s_client.c +++ b/src/apps/s_client.c @@ -870,8 +870,9 @@ bad: if (!set_cert_key_stuff(ctx, cert, key)) goto end; - if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx))) { + if (!((CAfile || CApath) ? + SSL_CTX_load_verify_locations(ctx, CAfile, CApath) : + SSL_CTX_set_default_verify_paths(ctx))) { /* * BIO_printf(bio_err,"error setting default verify * locations\n"); diff --git a/src/apps/s_server.c b/src/apps/s_server.c index 3f71740..9a20deb 100644 --- a/src/apps/s_server.c +++ b/src/apps/s_server.c @@ -1167,8 +1167,9 @@ bad: #endif - if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx))) { + if (!((CAfile || CApath) ? + SSL_CTX_load_verify_locations(ctx, CAfile, CApath) : + SSL_CTX_set_default_verify_paths(ctx))) { /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ ERR_print_errors(bio_err); /* goto end; */ @@ -1222,8 +1223,9 @@ bad: else SSL_CTX_sess_set_cache_size(ctx2, 128); - if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx2))) { + if (!((CAfile || CApath) ? + SSL_CTX_load_verify_locations(ctx2, CAfile, CApath) : + SSL_CTX_set_default_verify_paths(ctx2))) { ERR_print_errors(bio_err); } if (vpm) diff --git a/src/apps/s_time.c b/src/apps/s_time.c index 960ba4e..4dbd906 100644 --- a/src/apps/s_time.c +++ b/src/apps/s_time.c @@ -346,8 +346,9 @@ s_time_main(int argc, char **argv) SSL_load_error_strings(); - if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) || - (!SSL_CTX_set_default_verify_paths(tm_ctx))) { + if (!((CAfile || CApath) ? + SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath) : + SSL_CTX_set_default_verify_paths(tm_ctx))) { /* * BIO_printf(bio_err,"error setting default verify * locations\n"); -- 1.7.10.4