diff options
| author | Phil Pennock <pdp@exim.org> | 2013-03-13 19:48:22 -0400 |
|---|---|---|
| committer | Phil Pennock <pdp@exim.org> | 2013-03-13 19:48:22 -0400 |
| commit | 26e72755c101f59e24735e9ca9a320d5f1ebc2b7 (patch) | |
| tree | f78b036ef814bd5c8af8eb0de269776030168ca5 /src | |
| parent | 61147df48889217a1c1023d8c6e2431c24967686 (diff) | |
OpenSSL fix empty tls_verify_certificates.
New behaviour matches GnuTLS handling, and is documented.
Previously, a tls_verify_certificates expansion forced failure was the
only portable way to avoid setting this option. Now, an empty string is
equivalent.
Diffstat (limited to 'src')
| -rw-r--r-- | src/src/tls-openssl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index d879f0873..42afd3949 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -1008,7 +1008,7 @@ uschar *expcerts, *expcrl; if (!expand_check(certs, US"tls_verify_certificates", &expcerts)) return DEFER; -if (expcerts != NULL) +if (expcerts != NULL && *expcerts != '\0') { struct stat statbuf; if (!SSL_CTX_set_default_verify_paths(sctx)) |