diff options
author | Daniel Stenberg <daniel@haxx.se> | 2020-09-02 15:26:09 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2020-09-02 22:47:52 +0200 |
commit | b3fbb2fb9dde9ab93db67a7ccc2130e68714016b (patch) | |
tree | bdb71686b1fe969d0249db8e5051904fb7cb320c | |
parent | dd51f04b1183f30650dabf27b4f40bf3db725083 (diff) | |
download | curl-b3fbb2fb9dde9ab93db67a7ccc2130e68714016b.tar.gz |
openssl: avoid error conditions when importing native CA
The code section that is OpenSSL 3+ specific now uses the same logic as
is used in the version < 3 section. It caused a compiler error without
it.
Closes #5907
-rw-r--r-- | lib/vtls/openssl.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index ce6f8445a..5d3da8234 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -2993,7 +2993,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) { if(ssl_cafile) { if(!SSL_CTX_load_verify_file(backend->ctx, ssl_cafile)) { - if(verifypeer) { + if(verifypeer && !imported_native_ca) { /* Fail if we insist on successfully verifying the server. */ failf(data, "error setting certificate file: %s", ssl_cafile); return CURLE_SSL_CACERT_BADFILE; @@ -3005,7 +3005,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) } if(ssl_capath) { if(!SSL_CTX_load_verify_dir(backend->ctx, ssl_capath)) { - if(verifypeer) { + if(verifypeer && !imported_native_ca) { /* Fail if we insist on successfully verifying the server. */ failf(data, "error setting certificate path: %s", ssl_capath); return CURLE_SSL_CACERT_BADFILE; |