BUG/MINOR: ssl/cli: error when the ca-file is empty
authorWilliam Lallemand <wlallemand@haproxy.org>
Thu, 18 Aug 2022 13:53:02 +0000 (15:53 +0200)
committerWilliam Lallemand <wlallemand@haproxy.org>
Fri, 19 Aug 2022 17:56:53 +0000 (19:56 +0200)
"set ssl ca-file" does not return any error when a ca-file is empty or
only contains comments. This could be a problem if the file was
malformatted and did not contain any PEM header.

It must be backported as far as 2.5.

src/ssl_ckch.c

index 0992240e22b374194c8c994b5083d944737603db..9827928c85b8d6f9bbac19277efbe69dbaa2828b 100644 (file)
@@ -1140,7 +1140,8 @@ int ssl_store_load_ca_from_buf(struct cafile_entry *ca_e, char *cert_buf)
                                                retval = !X509_STORE_add_crl(ca_e->ca_store, info->crl);
                                        }
                                }
-                               retval = retval || (i != sk_X509_INFO_num(infos));
+                               /* return an error if we didn't compute all the X509_INFO or if there was none */
+                               retval = retval ||  (i != sk_X509_INFO_num(infos)) || ( sk_X509_INFO_num(infos) == 0);
 
                                /* Cleanup */
                                sk_X509_INFO_pop_free(infos, X509_INFO_free);
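Review bot: The added `sk_X509_INFO_num(infos) == 0` test counts parsed X509_INFO entries, not objects that actually reached `ca_e->ca_store`. The loop starts above the hunk, so this is inferred, but if an entry can carry neither a certificate nor a CRL (for example a PEM block of another type), such a file would still be accepted and leave the store empty. Counting successful additions closes that gap: bump a local counter such as `added++` after each successful `X509_STORE_add_cert`/`X509_STORE_add_crl` and end the expression with `|| (added == 0)`. It would also help to extend the comment to `/* fail if not every X509_INFO was processed or if nothing was added to the store */`, so the intent is tied to the store content rather than to the parser's entry count.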