Changed ldap_pvt_tls_init_def_ctx() to not fail if there is no cacertfile/dir specifi...

author Mark Valence <mrv@openldap.org>

Mon, 6 Dec 1999 04:44:22 +0000 (04:44 +0000)

committer Mark Valence <mrv@openldap.org>

Mon, 6 Dec 1999 04:44:22 +0000 (04:44 +0000)
author Mark Valence <mrv@openldap.org>
Mon, 6 Dec 1999 04:44:22 +0000 (04:44 +0000)
committer Mark Valence <mrv@openldap.org>
Mon, 6 Dec 1999 04:44:22 +0000 (04:44 +0000)
diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c

index 3373d822fc35a37501b91b06f3376dc1a6371e65..a00ad4525f3eb08363ec4174f16c806453394113 100644 (file)
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -147,25 +147,28 @@ ldap_pvt_tls_init_def_ctx( void )
                         tls_report_error();
                         goto error_exit;
                 }
-               if ( !SSL_CTX_load_verify_locations( tls_def_ctx,
-                                                    tls_opt_cacertfile,
-                                                    tls_opt_cacertdir ) ||
-                    !SSL_CTX_set_default_verify_paths( tls_def_ctx ) ) {
-                       Debug( LDAP_DEBUG_ANY,
-               "TLS: could not load verify locations (file:`%s',dir:`%s').\n",
-                              tls_opt_cacertfile,tls_opt_cacertdir,0);
-                       tls_report_error();
-                       goto error_exit;
-               }
-               calist = get_ca_list( tls_opt_cacertfile, tls_opt_cacertdir );
-               if ( !calist ) {
-                       Debug( LDAP_DEBUG_ANY,
-               "TLS: could not load client CA list (file:`%s',dir:`%s').\n",
-                              tls_opt_cacertfile,tls_opt_cacertdir,0);
-                       tls_report_error();
-                       goto error_exit;
+               if (tls_opt_cacertfile != NULL || tls_opt_cacertdir != NULL) {
+                       if ( !SSL_CTX_load_verify_locations( tls_def_ctx,
+                                                            tls_opt_cacertfile,
+                                                            tls_opt_cacertdir )
+                            || !SSL_CTX_set_default_verify_paths( tls_def_ctx ) )
+                       {
+                               Debug( LDAP_DEBUG_ANY,
+                       "TLS: could not load verify locations (file:`%s',dir:`%s').\n",
+                                      tls_opt_cacertfile,tls_opt_cacertdir,0);
+                               tls_report_error();
+                               goto error_exit;
+                       }
+                       calist = get_ca_list( tls_opt_cacertfile, tls_opt_cacertdir );
+                       if ( !calist ) {
+                               Debug( LDAP_DEBUG_ANY,
+                       "TLS: could not load client CA list (file:`%s',dir:`%s').\n",
+                                      tls_opt_cacertfile,tls_opt_cacertdir,0);
+                               tls_report_error();
+                               goto error_exit;
+                       }
+                       SSL_CTX_set_client_CA_list( tls_def_ctx, calist );
                 }
-               SSL_CTX_set_client_CA_list( tls_def_ctx, calist );
                 if ( tls_opt_keyfile &&
                      !SSL_CTX_use_PrivateKey_file( tls_def_ctx,
                                                    tls_opt_keyfile,
author	Mark Valence <mrv@openldap.org>
	Mon, 6 Dec 1999 04:44:22 +0000 (04:44 +0000)
committer	Mark Valence <mrv@openldap.org>
	Mon, 6 Dec 1999 04:44:22 +0000 (04:44 +0000)