diff options
author | Jay Satiro <raysatiro@yahoo.com> | 2020-06-22 12:13:55 -0400 |
---|---|---|
committer | Jay Satiro <raysatiro@yahoo.com> | 2020-06-22 12:24:57 -0400 |
commit | c9c31b9245e5c9962367b5bd6d2a3641886d0e62 (patch) | |
tree | 29143a29728eb2dbfa5db13e8552c4a14bc31923 | |
parent | 0f55269affc3cacd901af601b98faece2d62438d (diff) | |
download | curl-c9c31b9245e5c9962367b5bd6d2a3641886d0e62.tar.gz |
openssl: Fix CA fallback logic for OpenSSL 3.0 build
Prior to this change I assume a build error would occur when
CURL_CA_FALLBACK was used.
Closes https://github.com/curl/curl/pull/5587
-rw-r--r-- | lib/vtls/openssl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 41d948b3a..897ca6880 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -3024,7 +3024,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) #endif #ifdef CURL_CA_FALLBACK - else if(verifypeer) { + if(verifypeer && !ssl_cafile && !ssl_capath) { /* verifying the peer without any CA certificates won't work so use openssl's built in default as fallback */ SSL_CTX_set_default_verify_paths(backend->ctx); |