From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Tue, 31 Dec 2024 10:40:19 +0000 (+0200)
Subject: lib-ssl-iostream: Allow missing ca if invalid certs are allowed
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=41c53f3e28ec4a1dc29b00b92aa9d1cf07d4e7dd;p=thirdparty%2Fdovecot%2Fcore.git

lib-ssl-iostream: Allow missing ca if invalid certs are allowed
---

diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index 01de485b57..6281d5012b 100644
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -637,7 +637,7 @@ ssl_iostream_context_load_ca(struct ssl_iostream_context *ctx,
 				openssl_iostream_error());
 			return -1;
 		}
-	} else if (!have_ca) {
+	} else if (!have_ca && !set->allow_invalid_cert) {
 		*error_r = "Can't verify remote client certs without CA (ssl_server_ca_file setting)";
 		return -1;
 	}