Fix a bug loading the default certificate path locations.

The files would only be loaded if the CAfile or CApath locations were succesfully loaded first. Original patch from OpenSSL: https://github.com/openssl/openssl/commit/fe9b85c3cb79f1e29e61f01de105b34ce8177190 ok beck@
author: bcook <> 2016-06-21 03:56:43 +0000
committer: bcook <> 2016-06-21 03:56:43 +0000
commit: d73dc1262008dfcbfe5d8b18f9d8808970caa9d5 (patch)
tree: 3fc03858dd1bbadd0c4ba1395f1faf915809b37e
parent: b46453c90dfe6bc45dba18a20179d06915a4f1f1 (diff)
download: openbsd-d73dc1262008dfcbfe5d8b18f9d8808970caa9d5.tar.gz
openbsd-d73dc1262008dfcbfe5d8b18f9d8808970caa9d5.tar.bz2
openbsd-d73dc1262008dfcbfe5d8b18f9d8808970caa9d5.zip
1 files changed, 7 insertions, 9 deletions
diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index 471a5e3c5c..b35fa8c3fc 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.27 2015/12/01 12:01:56 jca Exp $ */
+/* $OpenBSD: s_client.c,v 1.28 2016/06/21 03:56:43 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -728,15 +728,13 @@ bad:
        if (!set_cert_key_stuff(ctx, cert, key))
                goto end;
-        if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
+        if ((CAfile || CApath)
-            (!SSL_CTX_set_default_verify_paths(ctx))) {
+            && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath))
-                /*
-                 * BIO_printf(bio_err,"error setting default verify
-                 * locations\n");
-                 */
                ERR_print_errors(bio_err);
-                /* goto end; */
-        }
+        if (!SSL_CTX_set_default_verify_paths(ctx))
+                ERR_print_errors(bio_err);
        if (servername != NULL) {
                tlsextcbp.biodebug = bio_err;
                SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
author	bcook <>	2016-06-21 03:56:43 +0000
committer	bcook <>	2016-06-21 03:56:43 +0000
commit	d73dc1262008dfcbfe5d8b18f9d8808970caa9d5 (patch)
tree	3fc03858dd1bbadd0c4ba1395f1faf915809b37e
parent	b46453c90dfe6bc45dba18a20179d06915a4f1f1 (diff)
download	openbsd-d73dc1262008dfcbfe5d8b18f9d8808970caa9d5.tar.gz openbsd-d73dc1262008dfcbfe5d8b18f9d8808970caa9d5.tar.bz2 openbsd-d73dc1262008dfcbfe5d8b18f9d8808970caa9d5.zip

diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c index 471a5e3c5c..b35fa8c3fc 100644 --- a/src/usr.bin/openssl/s_client.c +++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s_client.c,v 1.27 2015/12/01 12:01:56 jca Exp $ */	1	/* $OpenBSD: s_client.c,v 1.28 2016/06/21 03:56:43 bcook Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -728,15 +728,13 @@ bad:
728	if (!set_cert_key_stuff(ctx, cert, key))	728	if (!set_cert_key_stuff(ctx, cert, key))
729	goto end;	729	goto end;
730		730
731	if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) \|\|	731	if ((CAfile \|\| CApath)
732	(!SSL_CTX_set_default_verify_paths(ctx))) {	732	&& !SSL_CTX_load_verify_locations(ctx, CAfile, CApath))
733	/*
734	* BIO_printf(bio_err,"error setting default verify
735	* locations\n");
736	*/
737	ERR_print_errors(bio_err);	733	ERR_print_errors(bio_err);
738	/* goto end; */	734
739	}	735	if (!SSL_CTX_set_default_verify_paths(ctx))
		736	ERR_print_errors(bio_err);
		737
740	if (servername != NULL) {	738	if (servername != NULL) {
741	tlsextcbp.biodebug = bio_err;	739	tlsextcbp.biodebug = bio_err;
742	SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);	740	SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);