storm/w3m
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Don't fallback when SSL_CTX_load_verify_locations fails

Browse Source
This commit is contained in:
Tatsuya Kinoshita
2021-02-22 23:16:16 +09:00
parent b6d29622b8
commit 4f77fb88e2
1 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
url.c
View File

@@ -444,11 +444,17 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
goto eend;
}
}
if ((!ssl_ca_file || *ssl_ca_file == '\0')
&& (!ssl_ca_path || *ssl_ca_path == '\0')
|| !ssl_verify_server
|| !SSL_CTX_load_verify_locations(ssl_ctx, ssl_ca_file, ssl_ca_path))
SSL_CTX_set_default_verify_paths(ssl_ctx);
if (ssl_verify_server) {
char *file = NULL, *path = NULL;
if (ssl_ca_file && *ssl_ca_file != '\0') file = ssl_ca_file;
if (ssl_ca_path && *ssl_ca_path != '\0') path = ssl_ca_path;
if (!file && !path)
SSL_CTX_set_default_verify_paths(ssl_ctx);
else if (!SSL_CTX_load_verify_locations(ssl_ctx, file, path)) {
free_ssl_ctx();
goto eend;
}
}
#endif /* defined(USE_SSL_VERIFY) */
#endif /* SSLEAY_VERSION_NUMBER >= 0x0800 */
}