openssl: Fix CA fallback logic for OpenSSL 3.0 build

author Jay Satiro <raysatiro@yahoo.com>

Mon, 22 Jun 2020 16:13:55 +0000 (12:13 -0400)

committer Jay Satiro <raysatiro@yahoo.com>

Mon, 22 Jun 2020 16:24:57 +0000 (12:24 -0400)
author Jay Satiro <raysatiro@yahoo.com>
Mon, 22 Jun 2020 16:13:55 +0000 (12:13 -0400)
committer Jay Satiro <raysatiro@yahoo.com>
Mon, 22 Jun 2020 16:24:57 +0000 (12:24 -0400)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c

index 41d948b3a2ea298eae3b0e2e55f77e3b8acb95c3..897ca6880f5a9bade2000d74aae2fdcbe72e9cae 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3024,7 +3024,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
  #endif
  
  #ifdef CURL_CA_FALLBACK
-  else if(verifypeer) {
+  if(verifypeer && !ssl_cafile && !ssl_capath) {
      /* verifying the peer without any CA certificates won't
         work so use openssl's built in default as fallback */
      SSL_CTX_set_default_verify_paths(backend->ctx);
author	Jay Satiro <raysatiro@yahoo.com>
	Mon, 22 Jun 2020 16:13:55 +0000 (12:13 -0400)
committer	Jay Satiro <raysatiro@yahoo.com>
	Mon, 22 Jun 2020 16:24:57 +0000 (12:24 -0400)