mirror of
https://github.com/moparisthebest/curl
synced 2024-11-16 22:45:03 -05:00
openssl: avoid error conditions when importing native CA
The code section that is OpenSSL 3+ specific now uses the same logic as is used in the version < 3 section. It caused a compiler error without it. Closes #5907
This commit is contained in:
parent
dd51f04b11
commit
b3fbb2fb9d
@ -2993,7 +2993,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
|||||||
{
|
{
|
||||||
if(ssl_cafile) {
|
if(ssl_cafile) {
|
||||||
if(!SSL_CTX_load_verify_file(backend->ctx, ssl_cafile)) {
|
if(!SSL_CTX_load_verify_file(backend->ctx, ssl_cafile)) {
|
||||||
if(verifypeer) {
|
if(verifypeer && !imported_native_ca) {
|
||||||
/* Fail if we insist on successfully verifying the server. */
|
/* Fail if we insist on successfully verifying the server. */
|
||||||
failf(data, "error setting certificate file: %s", ssl_cafile);
|
failf(data, "error setting certificate file: %s", ssl_cafile);
|
||||||
return CURLE_SSL_CACERT_BADFILE;
|
return CURLE_SSL_CACERT_BADFILE;
|
||||||
@ -3005,7 +3005,7 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
|||||||
}
|
}
|
||||||
if(ssl_capath) {
|
if(ssl_capath) {
|
||||||
if(!SSL_CTX_load_verify_dir(backend->ctx, ssl_capath)) {
|
if(!SSL_CTX_load_verify_dir(backend->ctx, ssl_capath)) {
|
||||||
if(verifypeer) {
|
if(verifypeer && !imported_native_ca) {
|
||||||
/* Fail if we insist on successfully verifying the server. */
|
/* Fail if we insist on successfully verifying the server. */
|
||||||
failf(data, "error setting certificate path: %s", ssl_capath);
|
failf(data, "error setting certificate path: %s", ssl_capath);
|
||||||
return CURLE_SSL_CACERT_BADFILE;
|
return CURLE_SSL_CACERT_BADFILE;
|
||||||
|
Loading…
Reference in New Issue
Block a user