From 02ec90ef346db99502f4958c09e4ab079a6d0b29 Mon Sep 17 00:00:00 2001
From: Dirk Engling
Date: Mon, 16 May 2022 17:58:42 +0200
Subject: Only set ca file if it exists. Prevents error in openssl for the default path
---
 vchat-connection.c | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/vchat-connection.c b/vchat-connection.c
index e3d79e9..6b38168 100644
--- a/vchat-connection.c
+++ b/vchat-connection.c
@@ -83,7 +83,7 @@ vc_connect (const char *server, const char *port)
 vc_x509store_t *vc_store;
 /* pointer to tilde-expanded certificate/keyfile-names */
- char *certfile = NULL;
+ char *certfile, *cafile;
 /* Connect to the server */
 serverfd = connect_tcp_socket( server, port );
@@ -123,16 +123,15 @@ vc_connect (const char *server, const char *port)
 free(certfile);
 }
- if (getintoption(CF_VERIFYSSL)) {
- /* get name of key file */
- char *cafile = get_tilde_expanded (CF_CAFILE);
- if (cafile) {
- vc_x509store_setflags(vc_store, VC_X509S_NODEF_CAFILE);
- vc_x509store_setcafile(vc_store, cafile);
- }
- vc_x509store_setflags(vc_store, VC_X509S_SSL_VERIFY_PEER);
- free(cafile);
+ vc_x509store_setflags(vc_store, VC_X509S_SSL_VERIFY_PEER);
+
+ /* get name of ca file */
+ cafile = get_tilde_expanded (CF_CAFILE);
+ if (cafile && !access(cafile, F_OK)) {
+ vc_x509store_setflags(vc_store, VC_X509S_NODEF_CAFILE);
+ vc_x509store_setcafile(vc_store, cafile);
 }
+ free(cafile);
 /* upgrade our plain BIO to ssl */
 int result = vc_tls_connect( serverfd, vc_store );
-- 
cgit v1.2.3
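Review bot: `certfile` loses its `= NULL` initializer in this declaration, while the second hunk's context still shows a `free(certfile);`. That is only safe if every path reaching the free assigns the pointer first, which cannot be confirmed from the visible lines. Keeping both pointers initialised, `char *certfile = NULL, *cafile = NULL;`, costs nothing and keeps the later frees well-defined if an early exit is ever added between declaration and assignment. vc_connect's body starts and ends outside the hunk.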
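Review bot: When the configured CA file is missing, the new `access(cafile, F_OK)` test skips both `VC_X509S_NODEF_CAFILE` and `vc_x509store_setcafile()` without telling the user, so someone who pointed CF_CAFILE at a private CA presumably ends up verifying the peer against the default trust store instead (inferred from the flag name; the store code is not in this hunk). That silent fallback widens the set of accepted issuers on a typo or a deleted file, so an `else if (cafile)` branch that reports the skipped path would make the downgrade visible. `F_OK` also tests only existence, so an unreadable file still reaches `vc_x509store_setcafile()`; `if (cafile && !access(cafile, R_OK)) {` matches what the loader needs. The hunk additionally drops the `getintoption(CF_VERIFYSSL)` guard, so `VC_X509S_SSL_VERIFY_PEER` is now set unconditionally, which the commit message does not mention and deserves a line there or in a comment. vc_connect's body starts and ends outside the hunk, and the `<unistd.h>` include needed for `access()` is not visible here.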