From 73283ebee852e1dff85c7bf61a66fcacb7eb122b Mon Sep 17 00:00:00 2001
From: bcook <>
Date: Thu, 7 Jul 2016 13:25:37 +0000
Subject: add ca cert error check and make the path configurable

from Kinichiro Inoguchi
---
 src/regress/lib/libcrypto/ocsp/ocsp_test.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'src/regress/lib/libcrypto')

diff --git a/src/regress/lib/libcrypto/ocsp/ocsp_test.c b/src/regress/lib/libcrypto/ocsp/ocsp_test.c
index 88675364cf..44a5f1b009 100644
--- a/src/regress/lib/libcrypto/ocsp/ocsp_test.c
+++ b/src/regress/lib/libcrypto/ocsp/ocsp_test.c
@@ -47,6 +47,11 @@ int main(int argc, char *argv[]) {
 	X509_STORE     *st = NULL;
 	STACK_OF(X509) *ch = NULL;
 	char *host, *port;
+#ifdef _PATH_SSL_CA_FILE
+	char *cafile = _PATH_SSL_CA_FILE;
+#else
+	char *cafile = "/etc/ssl/cert.pem";
+#endif
 
 	SSL *ssl;
 	SSL_CTX *ctx;
@@ -56,7 +61,10 @@ int main(int argc, char *argv[]) {
 
 	ctx = SSL_CTX_new(SSLv23_client_method());
 
-	SSL_CTX_load_verify_locations(ctx, "/etc/ssl/cert.pem", NULL);
+	if (!SSL_CTX_load_verify_locations(ctx, cafile, NULL)) {
+		printf("failed to load %s\n", cafile);
+		exit(-1);
+	}
 
 	if (argc != 3)
 		errx(-1, "need a host and port to connect to");
-- 
cgit v1.2.3-55-g6feb