BUG/MINOR: ssl: handle X509_get_default_cert_dir() returning NULL
authorWilliam Lallemand <wlallemand@haproxy.org>
Tue, 5 Apr 2022 08:19:30 +0000 (10:19 +0200)
committerWilliam Lallemand <wlallemand@haproxy.org>
Tue, 5 Apr 2022 08:19:30 +0000 (10:19 +0200)
ssl_store_load_locations_file() is using X509_get_default_cert_dir()
when using '@system-ca' as a parameter.

This function could return NULL if OpenSSL was built with
X509_CERT_DIR set to NULL; this is uncommon, but let's fix it.

No backport needed, 2.6 only.

Fix issue #1637.

src/ssl_ckch.c

index 438483c95b723043693afbf1b58a19f785366d33..c047b1c6b2e561235ea82033d6a848d5109d9f6c 100644 (file)
@@ -1124,7 +1124,7 @@ int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_ty
                        if (!X509_STORE_load_locations(store, file, NULL)) {
                                goto err;
                        }
-               } else {
+               } else if (dir) {
                        int n, i;
                        struct dirent **de_list;
 
@@ -1178,6 +1178,9 @@ scandir_err:
 
                        }
                        free(de_list);
+               } else {
+                       ha_alert("ca-file: couldn't load '%s'\n", path);
+                       goto err;
                }
 
                objs = X509_STORE_get0_objects(store);
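Review bot: The alert in the new final `else` branch says only `ca-file: couldn't load '%s'`, so for `@system-ca` an operator cannot tell that the cause is a missing OpenSSL default certificate directory rather than an unreadable file. Aborting with `goto err` is the right outcome, because continuing would presumably leave the store without the system CAs and every peer verification against it would then fail later with a less obvious error. I would name the cause in the message, e.g. `ha_alert("ca-file: couldn't load '%s': OpenSSL has no default certificate directory\n", path);`. This assumes the branch is reached only when `dir` is NULL, which the commit message implies but the hunk does not show, since the function begins and ends outside it.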