From 421421a4b04820bfbf57aa67be656852bb8d364f Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Mon, 8 Nov 2004 09:36:31 +0000
Subject: Honor sslcertpath setting even if sslcertck is unset. Patch by Brian
 Candler.

svn path=/trunk/; revision=3987
---
 socket.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'socket.c')

diff --git a/socket.c b/socket.c
index 5c3861bc..10a0c5f2 100644
--- a/socket.c
+++ b/socket.c
@@ -962,13 +962,13 @@ int SSLOpen(int sock, char *mycert, char *mykey, char *myproto, int certck, char
 
 	if (certck) {
 		SSL_CTX_set_verify(_ctx, SSL_VERIFY_PEER, SSL_ck_verify_callback);
-		if (certpath)
-			SSL_CTX_load_verify_locations(_ctx, NULL, certpath);
 	} else {
 		/* In this case, we do not fail if verification fails. However,
 		 *  we provide the callback for output and possible fingerprint checks. */
 		SSL_CTX_set_verify(_ctx, SSL_VERIFY_PEER, SSL_nock_verify_callback);
 	}
+	if (certpath)
+		SSL_CTX_load_verify_locations(_ctx, NULL, certpath);
 	
 	_ssl_context[sock] = SSL_new(_ctx);
 	
-- 
cgit v1.2.3