b8410e85e6
- don't hardcode /etc/ssl/certs. Use openssl's default instead OBS-URL: https://build.opensuse.org/request/show/292668 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/curl?expand=0&rev=127
33 lines
1.1 KiB
Diff
33 lines
1.1 KiB
Diff
From 9af60d2d52d9635ba4498d3a42abd85c7c2140db Mon Sep 17 00:00:00 2001
|
|
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
|
Date: Tue, 24 Mar 2015 13:25:17 +0100
|
|
Subject: [PATCH] use openssl's built in verify path as fallback
|
|
|
|
Trying to verify a peer without any having any root CA certificates
|
|
registered won't work. So use openssl's built in default as
|
|
fallback.
|
|
|
|
https://github.com/bagder/curl/pull/175
|
|
---
|
|
lib/vtls/openssl.c | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
|
|
index 3f93e22..34abd64 100644
|
|
--- a/lib/vtls/openssl.c
|
|
+++ b/lib/vtls/openssl.c
|
|
@@ -2012,6 +2012,10 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
|
|
"none",
|
|
data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]:
|
|
"none");
|
|
+ } else if (data->set.ssl.verifypeer) {
|
|
+ /* verfying the peer without any CA certificates won't
|
|
+ work so use openssl's built in default as fallback */
|
|
+ SSL_CTX_set_default_verify_paths(connssl->ctx);
|
|
}
|
|
|
|
if(data->set.str[STRING_SSL_CRLFILE]) {
|
|
--
|
|
2.3.3
|
|
|