From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 30 Aug 2002 12:07:42 +0000 (+0000)
Subject: if verifypeer is enabled but nether CAfile nor CApath is, then don't try
X-Git-Tag: curl-7_10~67
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=56c43604d085d50567a222670c4d24e25150647e;p=thirdparty%2Fcurl.git

if verifypeer is enabled but nether CAfile nor CApath is, then don't try
to load "verify_locations"
---

diff --git a/lib/ssluse.c b/lib/ssluse.c
index 5a002f01c7..019c78bfdb 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -739,7 +739,8 @@ Curl_SSLConnect(struct connectdata *conn)
                        SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
                        SSL_VERIFY_CLIENT_ONCE,
                        cert_verify_callback);
-    if (!SSL_CTX_load_verify_locations(conn->ssl.ctx,
+    if ((data->set.ssl.CAfile || data->set.ssl.CApath) &&
+        !SSL_CTX_load_verify_locations(conn->ssl.ctx,
                                        data->set.ssl.CAfile,
                                        data->set.ssl.CApath)) {
       failf(data,"error setting cerficate verify locations");