From 1644c3b897cfbb122fb995034ea2b96684040f29 Mon Sep 17 00:00:00 2001
From: Tatsuya Kinoshita <tats@debian.org>
Date: Sat, 13 Feb 2021 13:56:00 +0900
Subject: Use ssl_ca_file and ssl_ca_path only when ssl_verify_server

---
 url.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'url.c')

diff --git a/url.c b/url.c
index a91ef91..e267560 100644
--- a/url.c
+++ b/url.c
@@ -446,6 +446,7 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
 	}
 	if ((!ssl_ca_file || *ssl_ca_file == '\0')
 	    && (!ssl_ca_path || *ssl_ca_path == '\0')
+	    || !ssl_verify_server
 	    || !SSL_CTX_load_verify_locations(ssl_ctx, ssl_ca_file, ssl_ca_path))
 #endif				/* defined(USE_SSL_VERIFY) */
 	    SSL_CTX_set_default_verify_paths(ssl_ctx);
-- 
cgit v1.2.3