tyler.durden/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2025-04-08 17:05:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

InitSslContext(): fall back to default root CAs

Browse Source
This commit is contained in:
Alexander A. Klimov 2021-07-20 13:44:06 +02:00
parent 2728603c29
commit fbcaf82e3e
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/base/tlsutility.cpp
View File

@ -137,7 +137,16 @@ static void InitSslContext(const Shared<boost::asio::ssl::context>::Ptr& context
}
}
if (!cakey.IsEmpty()) {
if (cakey.IsEmpty()) {
if (!SSL_CTX_set_default_verify_paths(sslContext)) {
ERR_error_string_n(ERR_peek_error(), errbuf, sizeof errbuf);
Log(LogCritical, "SSL")
<< "Error loading system's root CAs: " << ERR_peek_error() << ", \"" << errbuf << "\"";
BOOST_THROW_EXCEPTION(openssl_error()
<< boost::errinfo_api_function("SSL_CTX_set_default_verify_paths")
<< errinfo_openssl_error(ERR_peek_error());
}
} else {
if (!SSL_CTX_load_verify_locations(sslContext, cakey.CStr(), nullptr)) {
ERR_error_string_n(ERR_peek_error(), errbuf, sizeof errbuf);
Log(LogCritical, "SSL")