1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-16 22:45:03 -05:00

openssl: avoid error conditions when importing native CA

The code section that is OpenSSL 3+ specific now uses the same logic as
is used in the version < 3 section. It caused a compiler error without
it.

Closes #5907
This commit is contained in:
Daniel Stenberg 2020-09-02 15:26:09 +02:00
parent dd51f04b11
commit b3fbb2fb9d
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2

View File

@ -2993,7 +2993,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
{ {
if(ssl_cafile) { if(ssl_cafile) {
if(!SSL_CTX_load_verify_file(backend->ctx, ssl_cafile)) { if(!SSL_CTX_load_verify_file(backend->ctx, ssl_cafile)) {
if(verifypeer) { if(verifypeer && !imported_native_ca) {
/* Fail if we insist on successfully verifying the server. */ /* Fail if we insist on successfully verifying the server. */
failf(data, "error setting certificate file: %s", ssl_cafile); failf(data, "error setting certificate file: %s", ssl_cafile);
return CURLE_SSL_CACERT_BADFILE; return CURLE_SSL_CACERT_BADFILE;
@ -3005,7 +3005,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
} }
if(ssl_capath) { if(ssl_capath) {
if(!SSL_CTX_load_verify_dir(backend->ctx, ssl_capath)) { if(!SSL_CTX_load_verify_dir(backend->ctx, ssl_capath)) {
if(verifypeer) { if(verifypeer && !imported_native_ca) {
/* Fail if we insist on successfully verifying the server. */ /* Fail if we insist on successfully verifying the server. */
failf(data, "error setting certificate path: %s", ssl_capath); failf(data, "error setting certificate path: %s", ssl_capath);
return CURLE_SSL_CACERT_BADFILE; return CURLE_SSL_CACERT_BADFILE;