Only set ca file if it exists. Prevents error in openssl for the default path

author: Dirk Engling <erdgeist@erdgeist.org> 2022-05-16 17:58:42 +0200
committer: Dirk Engling <erdgeist@erdgeist.org> 2022-05-16 17:58:42 +0200
commit: 02ec90ef346db99502f4958c09e4ab079a6d0b29 (patch)
tree: 2f280aad7077b207b53fb1f7b9229ce8fc671716
parent: d1ac67f6d73f24a165ccc008440bb8b208ae140f (diff)
1 files changed, 9 insertions, 10 deletions
diff --git a/vchat-connection.c b/vchat-connection.c
index e3d79e9..6b38168 100644
--- a/vchat-connection.c
+++ b/vchat-connection.c
@@ -83,7 +83,7 @@ vc_connect (const char *server, const char *port)
  vc_x509store_t *vc_store;
  /* pointer to tilde-expanded certificate/keyfile-names */
-  char *certfile = NULL;
+  char *certfile, *cafile;
  /* Connect to the server */
  serverfd = connect_tcp_socket( server, port );
@@ -123,16 +123,15 @@ vc_connect (const char *server, const char *port)
    free(certfile);
  }
-  if (getintoption(CF_VERIFYSSL)) {
+  vc_x509store_setflags(vc_store, VC_X509S_SSL_VERIFY_PEER);
-      /* get name of key file */
-      char *cafile = get_tilde_expanded (CF_CAFILE);
+  /* get name of ca file */
-      if (cafile) {
+  cafile = get_tilde_expanded (CF_CAFILE);
-        vc_x509store_setflags(vc_store, VC_X509S_NODEF_CAFILE);
+  if (cafile && !access(cafile, F_OK)) {
-        vc_x509store_setcafile(vc_store, cafile);
+    vc_x509store_setflags(vc_store, VC_X509S_NODEF_CAFILE);
-      }
+    vc_x509store_setcafile(vc_store, cafile);
-      vc_x509store_setflags(vc_store, VC_X509S_SSL_VERIFY_PEER);
-      free(cafile);
  }
+  free(cafile);
  /* upgrade our plain BIO to ssl */
  int result = vc_tls_connect( serverfd, vc_store );
author	Dirk Engling <erdgeist@erdgeist.org>	2022-05-16 17:58:42 +0200
committer	Dirk Engling <erdgeist@erdgeist.org>	2022-05-16 17:58:42 +0200
commit	02ec90ef346db99502f4958c09e4ab079a6d0b29 (patch)
tree	2f280aad7077b207b53fb1f7b9229ce8fc671716
parent	d1ac67f6d73f24a165ccc008440bb8b208ae140f (diff)

diff --git a/vchat-connection.c b/vchat-connection.c index e3d79e9..6b38168 100644 --- a/vchat-connection.c +++ b/vchat-connection.c
@@ -83,7 +83,7 @@ vc_connect (const char server, const char port)
83	vc_x509store_t *vc_store;	83	vc_x509store_t *vc_store;
84		84
85	/* pointer to tilde-expanded certificate/keyfile-names */	85	/* pointer to tilde-expanded certificate/keyfile-names */
86	char *certfile = NULL;	86	char certfile, cafile;
87		87
88	/* Connect to the server */	88	/* Connect to the server */
89	serverfd = connect_tcp_socket( server, port );	89	serverfd = connect_tcp_socket( server, port );
@@ -123,16 +123,15 @@ vc_connect (const char server, const char port)
123	free(certfile);	123	free(certfile);
124	}	124	}
125		125
126	if (getintoption(CF_VERIFYSSL)) {	126	vc_x509store_setflags(vc_store, VC_X509S_SSL_VERIFY_PEER);
127	/* get name of key file */	127
128	char *cafile = get_tilde_expanded (CF_CAFILE);	128	/* get name of ca file */
129	if (cafile) {	129	cafile = get_tilde_expanded (CF_CAFILE);
130	vc_x509store_setflags(vc_store, VC_X509S_NODEF_CAFILE);	130	if (cafile && !access(cafile, F_OK)) {
131	vc_x509store_setcafile(vc_store, cafile);	131	vc_x509store_setflags(vc_store, VC_X509S_NODEF_CAFILE);
132	}	132	vc_x509store_setcafile(vc_store, cafile);
133	vc_x509store_setflags(vc_store, VC_X509S_SSL_VERIFY_PEER);
134	free(cafile);
135	}	133	}
		134	free(cafile);
136		135
137	/* upgrade our plain BIO to ssl */	136	/* upgrade our plain BIO to ssl */
138	int result = vc_tls_connect( serverfd, vc_store );	137	int result = vc_tls_connect( serverfd, vc_store );