lib-ssl-iostream: Allow missing ca if invalid certs are allowed

diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index 01de485b57b2c4e925ecab99db0b05d6ad1f2f61..6281d5012b1b3d0c362138b13c62acb6e57482d8 100644 (file)
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -637,7 +637,7 @@ ssl_iostream_context_load_ca(struct ssl_iostream_context *ctx,
                                openssl_iostream_error());
                        return -1;
                }
-       } else if (!have_ca) {
+       } else if (!have_ca && !set->allow_invalid_cert) {
                *error_r = "Can't verify remote client certs without CA (ssl_server_ca_file setting)";
                return -1;
        }