From: Jay Satiro <raysatiro@yahoo.com>
Date: Mon, 22 Jun 2020 16:13:55 +0000 (-0400)
Subject: openssl: Fix CA fallback logic for OpenSSL 3.0 build
X-Git-Tag: curl-7_71_0~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c9c31b9245e5c9962367b5bd6d2a3641886d0e62;p=thirdparty%2Fcurl.git

openssl: Fix CA fallback logic for OpenSSL 3.0 build

Prior to this change I assume a build error would occur when
CURL_CA_FALLBACK was used.

Closes https://github.com/curl/curl/pull/5587
---

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 41d948b3a2..897ca6880f 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3024,7 +3024,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
 #endif
 
 #ifdef CURL_CA_FALLBACK
-  else if(verifypeer) {
+  if(verifypeer && !ssl_cafile && !ssl_capath) {
     /* verifying the peer without any CA certificates won't
        work so use openssl's built in default as fallback */
     SSL_CTX_set_default_verify_paths(backend->ctx);