Diffstat (limited to '')
-rw-r--r-- | tls.c | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/tls.c b/tls.c
index 90458c4..26adb2b 100644
--- a/tls.c
+++ b/tls.c
@@ -609,14 +609,6 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
 if (ctx->config->verify_cert == 0)
 goto done;
- /* If no CA has been specified, attempt to load the default. */
- if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) {
- if (tls_config_load_file(&ctx->error, "CA", tls_default_ca_cert_file(),
- &ca_mem, &ca_len) != 0)
- goto err;
- ca_free = ca_mem;
- }
-
 if (ca_mem != NULL) {
 if (ca_len > INT_MAX) {
 tls_set_errorx(ctx, "ca too long");
@@ -626,10 +618,17 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
 tls_set_errorx(ctx, "ssl verify memory setup failure");
 goto err;
 }
- } else if (SSL_CTX_load_verify_locations(ssl_ctx, NULL,
- ctx->config->ca_path) != 1) {
- tls_set_errorx(ctx, "ssl verify locations failure");
- goto err;
+ } else if (ctx->config->ca_path != NULL) {
+ if (SSL_CTX_load_verify_locations(ssl_ctx, NULL,
+ ctx->config->ca_path) != 1) {
+ tls_set_errorx(ctx, "ssl verify locations failure");
+ goto err;
+ }
+ } else {
+ if (SSL_CTX_set_default_verify_paths(ssl_ctx) != 1) {
+ tls_set_errorx(ctx, "ssl verify locations failure");
+ goto err;
+ }
 }
 if (crl_mem != NULL) { |
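Review bot: In the new final `else` branch of the second hunk, the `!= 1` check on `SSL_CTX_set_default_verify_paths()` probably does not detect a missing or unreadable default trust store. As far as I know OpenSSL returns 1 there even when the default file and directory are absent. The removed code failed configuration when `tls_default_ca_cert_file()` could not be loaded, so a missing CA bundle would now show up only as a certificate verification failure at handshake time. With OpenSSL the default locations can also be overridden through the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables, so the branch deserves a comment such as `/* No CA configured: use the library default store, which the environment may override. */`. The branch also reuses the error string of the `ca_path` branch; `tls_set_errorx(ctx, "ssl default verify paths failure");` would keep the two failures distinguishable. The function continues outside both hunks, so it is worth checking whether `ca_free` is still assigned anywhere now that `ca_free = ca_mem;` is gone.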