debian/patches/020_ssl-ca.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14

Subject: Fix OpenSSL default always overrides ssl_ca_file and ssl_ca_path
Author: Tatsuya Kinoshita <tats@debian.org>

--- a/url.c
+++ b/url.c
@@ -445,7 +445,7 @@ openSSLHandle(int sock, char *hostname, char **p_cert)
 	    }
 	}
 	if ((!ssl_ca_file && !ssl_ca_path)
-	    || SSL_CTX_load_verify_locations(ssl_ctx, ssl_ca_file, ssl_ca_path))
+	    || !SSL_CTX_load_verify_locations(ssl_ctx, ssl_ca_file, ssl_ca_path))
 #endif				/* defined(USE_SSL_VERIFY) */
 	    SSL_CTX_set_default_verify_paths(ssl_ctx);
 #endif				/* SSLEAY_VERSION_NUMBER >= 0x0800 */