openssl: Fix CA fallback logic for OpenSSL 3.0 build

Prior to this change I assume a build error would occur when CURL_CA_FALLBACK was used. Closes https://github.com/curl/curl/pull/5587
author: Jay Satiro <raysatiro@yahoo.com> 2020-06-22 12:13:55 -0400
committer: Jay Satiro <raysatiro@yahoo.com> 2020-06-22 12:24:57 -0400
commit: c9c31b9245e5c9962367b5bd6d2a3641886d0e62 (patch)
tree: 29143a29728eb2dbfa5db13e8552c4a14bc31923
parent: 0f55269affc3cacd901af601b98faece2d62438d (diff)
download: curl-c9c31b9245e5c9962367b5bd6d2a3641886d0e62.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 41d948b3a..897ca6880 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3024,7 +3024,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
 #endif
 
 #ifdef CURL_CA_FALLBACK
-  else if(verifypeer) {
+  if(verifypeer && !ssl_cafile && !ssl_capath) {
     /* verifying the peer without any CA certificates won't
        work so use openssl's built in default as fallback */
     SSL_CTX_set_default_verify_paths(backend->ctx);
author	Jay Satiro <raysatiro@yahoo.com>	2020-06-22 12:13:55 -0400
committer	Jay Satiro <raysatiro@yahoo.com>	2020-06-22 12:24:57 -0400
commit	c9c31b9245e5c9962367b5bd6d2a3641886d0e62 (patch)
tree	29143a29728eb2dbfa5db13e8552c4a14bc31923
parent	0f55269affc3cacd901af601b98faece2d62438d (diff)
download	curl-c9c31b9245e5c9962367b5bd6d2a3641886d0e62.tar.gz