aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--NEWS2
-rw-r--r--socket.c4
2 files changed, 4 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index cfabb900..fd3dad20 100644
--- a/NEWS
+++ b/NEWS
@@ -30,6 +30,8 @@
* Remove sleep(3) after POP3 login, patch by Brian Candler.
* Fix option parsing bug that trashes the showdots setting when more
than one server is configured. Patch by Brian Candler.
+* Honor sslcertpath setting even if sslcertck is unset. Patch by Brian
+ Candler.
fetchmail-6.2.5 (Wed Oct 15 18:39:22 EDT 2003), 23079 lines:
diff --git a/socket.c b/socket.c
index 5c3861bc..10a0c5f2 100644
--- a/socket.c
+++ b/socket.c
@@ -962,13 +962,13 @@ int SSLOpen(int sock, char *mycert, char *mykey, char *myproto, int certck, char
if (certck) {
SSL_CTX_set_verify(_ctx, SSL_VERIFY_PEER, SSL_ck_verify_callback);
- if (certpath)
- SSL_CTX_load_verify_locations(_ctx, NULL, certpath);
} else {
/* In this case, we do not fail if verification fails. However,
* we provide the callback for output and possible fingerprint checks. */
SSL_CTX_set_verify(_ctx, SSL_VERIFY_PEER, SSL_nock_verify_callback);
}
+ if (certpath)
+ SSL_CTX_load_verify_locations(_ctx, NULL, certpath);
_ssl_context[sock] = SSL_new(_ctx);
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-25 00:13:35 +0000