[gnurl] 85/411: openssl: avoid error conditions when importing native CA
From: gnunet
Subject: [gnurl] 85/411: openssl: avoid error conditions when importing native CA
Date: Wed, 13 Jan 2021 01:18:20 +0100
This is an automated email from the git hooks/post-receive script.
nikita pushed a commit to branch master
in repository gnurl.
commit b3fbb2fb9dde9ab93db67a7ccc2130e68714016b
Author: Daniel Stenberg <daniel@haxx.se>
AuthorDate: Wed Sep 2 15:26:09 2020 +0200
openssl: avoid error conditions when importing native CA
The code section that is OpenSSL 3+ specific now uses the same logic as
is used in the version < 3 section. It caused a compiler error without
it.
Closes #5907
---
lib/vtls/openssl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index ce6f8445a..5d3da8234 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -2993,7 +2993,7 @@ static CURLcode ossl_connect_step1(struct connectdata
*conn, int sockindex)
{
if(ssl_cafile) {
if(!SSL_CTX_load_verify_file(backend->ctx, ssl_cafile)) {
- if(verifypeer) {
+ if(verifypeer && !imported_native_ca) {
/* Fail if we insist on successfully verifying the server. */
failf(data, "error setting certificate file: %s", ssl_cafile);
return CURLE_SSL_CACERT_BADFILE;
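Review bot: In the `ssl_cafile` branch, the new condition `verifypeer && !imported_native_ca` lets a CA file that the user set explicitly fail to load in `SSL_CTX_load_verify_file` while the connection still proceeds, with peer verification backed only by the imported native store. That is a wider set of trust anchors than the caller configured, and nothing in the visible lines tells them so. Suggest making sure the fall-through path emits a diagnostic that names `ssl_cafile` (for example via `infof`) when `imported_native_ca` is what suppressed the error, and documenting this precedence where the native CA import is described.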
@@ -3005,7 +3005,7 @@ static CURLcode ossl_connect_step1(struct connectdata
*conn, int sockindex)
}
if(ssl_capath) {
if(!SSL_CTX_load_verify_dir(backend->ctx, ssl_capath)) {
- if(verifypeer) {
+ if(verifypeer && !imported_native_ca) {
/* Fail if we insist on successfully verifying the server. */
failf(data, "error setting certificate path: %s", ssl_capath);
return CURLE_SSL_CACERT_BADFILE;
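Review bot: In the `ssl_capath` branch, the comment `/* Fail if we insist on successfully verifying the server. */` no longer matches the condition above it: with `verifypeer` set, the code now fails only when no native CA was imported. Suggest rewording it, here and in the `ssl_cafile` branch, to say that a load failure is tolerated when `imported_native_ca` is set. Both branches carry the same compound test, so computing it once into a local flag would keep the two checks from diverging.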