]> git.ipfire.org Git - thirdparty/openssl.git/blobdiff - crypto/x509/x509_d2.c
projects / thirdparty / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Avoid duplicate default CApath lookups
[thirdparty/openssl.git] / crypto / x509 / x509_d2.c
diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c
index 7838b703d46a17847090bcd22bfbbb21893e447e..2b410b5e354e1566d59d3449dffb53301fbb0fcd 100644 (file)
--- a/crypto/x509/x509_d2.c
+++ b/crypto/x509/x509_d2.c
@@ -30,6 +30,11 @@ int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
     lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_store());
     if (lookup == NULL)
         return 0;
+    /*
+     * The NULL URI argument will activate any default URIs (presently none),
+     * DO NOT pass the default CApath or CAfile, they're already handled above,
+     * likely much more efficiently.
+     */
     X509_LOOKUP_add_store_ex(lookup, NULL, libctx, propq);
 
     /* clear any errors */
A mirror of the official openssl repository