From ae58e10b9f7263ee4bd0b5fcf622f6ae6c8e466d Mon Sep 17 00:00:00 2001 From: bcook Date: Thu, 7 Jul 2016 13:25:37 +0000 Subject: [PATCH] add ca cert error check and make the path configurable from Kinichiro Inoguchi --- regress/lib/libcrypto/ocsp/ocsp_test.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/regress/lib/libcrypto/ocsp/ocsp_test.c b/regress/lib/libcrypto/ocsp/ocsp_test.c index 88675364cf8..44a5f1b0092 100644 --- a/regress/lib/libcrypto/ocsp/ocsp_test.c +++ b/regress/lib/libcrypto/ocsp/ocsp_test.c @@ -47,6 +47,11 @@ int main(int argc, char *argv[]) { X509_STORE *st = NULL; STACK_OF(X509) *ch = NULL; char *host, *port; +#ifdef _PATH_SSL_CA_FILE + char *cafile = _PATH_SSL_CA_FILE; +#else + char *cafile = "/etc/ssl/cert.pem"; +#endif SSL *ssl; SSL_CTX *ctx; @@ -56,7 +61,10 @@ int main(int argc, char *argv[]) { ctx = SSL_CTX_new(SSLv23_client_method()); - SSL_CTX_load_verify_locations(ctx, "/etc/ssl/cert.pem", NULL); + if (!SSL_CTX_load_verify_locations(ctx, cafile, NULL)) { + printf("failed to load %s\n", cafile); + exit(-1); + } if (argc != 3) errx(-1, "need a host and port to connect to"); -- 2.20.1