From 41c53f3e28ec4a1dc29b00b92aa9d1cf07d4e7dd Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Tue, 31 Dec 2024 12:40:19 +0200
Subject: [PATCH] lib-ssl-iostream: Allow missing ca if invalid certs are
 allowed

---
 src/lib-ssl-iostream/iostream-openssl-context.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index 01de485b57..6281d5012b 100644
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -637,7 +637,7 @@ ssl_iostream_context_load_ca(struct ssl_iostream_context *ctx,
 				openssl_iostream_error());
 			return -1;
 		}
-	} else if (!have_ca) {
+	} else if (!have_ca && !set->allow_invalid_cert) {
 		*error_r = "Can't verify remote client certs without CA (ssl_server_ca_file setting)";
 		return -1;
 	}
-- 
2.47.3