diff options
| author | Matthias Andree <matthias.andree@gmx.de> | 2004-11-08 09:36:31 +0000 |
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2004-11-08 09:36:31 +0000 |
| commit | 421421a4b04820bfbf57aa67be656852bb8d364f (patch) | |
| tree | 40f9953931d459aa4b39d103d16a0a29a6f47ec9 /socket.c | |
| parent | 65e619311d048a57b9ecf8d1baf919da30f7ca2a (diff) | |
| download | fetchmail-421421a4b04820bfbf57aa67be656852bb8d364f.tar.gz fetchmail-421421a4b04820bfbf57aa67be656852bb8d364f.tar.bz2 fetchmail-421421a4b04820bfbf57aa67be656852bb8d364f.zip | |
Honor sslcertpath setting even if sslcertck is unset. Patch by Brian Candler.
svn path=/trunk/; revision=3987
Diffstat (limited to 'socket.c')
| -rw-r--r-- | socket.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -962,13 +962,13 @@ int SSLOpen(int sock, char *mycert, char *mykey, char *myproto, int certck, char if (certck) { SSL_CTX_set_verify(_ctx, SSL_VERIFY_PEER, SSL_ck_verify_callback); - if (certpath) - SSL_CTX_load_verify_locations(_ctx, NULL, certpath); } else { /* In this case, we do not fail if verification fails. However, * we provide the callback for output and possible fingerprint checks. */ SSL_CTX_set_verify(_ctx, SSL_VERIFY_PEER, SSL_nock_verify_callback); } + if (certpath) + SSL_CTX_load_verify_locations(_ctx, NULL, certpath); _ssl_context[sock] = SSL_new(_ctx); |