From 56c43604d085d50567a222670c4d24e25150647e Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 30 Aug 2002 12:07:42 +0000
Subject: if verifypeer is enabled but nether CAfile nor CApath is, then don't
 try to load "verify_locations"

---
 lib/ssluse.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/ssluse.c b/lib/ssluse.c
index 5a002f01c..019c78bfd 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -739,7 +739,8 @@ Curl_SSLConnect(struct connectdata *conn)
                        SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
                        SSL_VERIFY_CLIENT_ONCE,
                        cert_verify_callback);
-    if (!SSL_CTX_load_verify_locations(conn->ssl.ctx,
+    if ((data->set.ssl.CAfile || data->set.ssl.CApath) &&
+        !SSL_CTX_load_verify_locations(conn->ssl.ctx,
                                        data->set.ssl.CAfile,
                                        data->set.ssl.CApath)) {
       failf(data,"error setting cerficate verify locations");
-- 
cgit v1.2.3