aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorGravatar Sadie Powell2025-11-02 18:31:07 +0000
committerGravatar Sadie Powell2025-11-02 21:28:32 +0000
commita3bd16f3f3c5ff5f5669fc247221ae883ae6e213 (patch)
treef4801538df342ff41e6b423a24ed271a2d372653 /src
parentRemove a long-obsolete workaround from ssl_openssl. (diff)
Allow not setting the CA file in ssl_openssl.
This matches the behaviour of ssl_gnutls.
Diffstat (limited to 'src')
-rw-r--r--src/configreader.cpp2
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp11
2 files changed, 8 insertions, 5 deletions
diff --git a/src/configreader.cpp b/src/configreader.cpp
index ac6cd7953..b55ebf86c 100644
--- a/src/configreader.cpp
+++ b/src/configreader.cpp
@@ -68,7 +68,7 @@ ServerConfig::ServerPaths::ServerPaths(const std::shared_ptr<ConfigTag>& tag)
std::string ServerConfig::ServerPaths::ExpandPath(const std::string& base, const std::string& fragment)
{
// The fragment is an absolute path, don't modify it.
- if (std::filesystem::path(fragment).is_absolute())
+ if (fragment.empty() || std::filesystem::path(fragment).is_absolute())
return fragment;
if (!fragment.compare(0, 2, "~/", 2))
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 67c334efd..bbdb426f5 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -467,11 +467,14 @@ namespace OpenSSL
}
// Load the CAs we trust
- filename = ServerInstance->Config->Paths.PrependConfig(tag->getString("cafile", "ca.pem", 1));
- if ((!ctx.SetCA(filename)) || (!clientctx.SetCA(filename)))
+ filename = ServerInstance->Config->Paths.PrependConfig(tag->getString("cafile", "ca.pem"));
+ if (!filename.empty())
{
- ERR_print_errors_cb(error_callback, this);
- ServerInstance->Logs.Normal(MODNAME, "Can't read CA list from {}. This is only a problem if you want to verify client certificates, otherwise it's safe to ignore this message. Error: {}", filename, lasterr);
+ if (!ctx.SetCA(filename) || !clientctx.SetCA(filename))
+ {
+ ERR_print_errors_cb(error_callback, this);
+ ServerInstance->Logs.Normal(MODNAME, "Can't read CA list from {}. This is only a problem if you want to verify client certificates, otherwise it's safe to ignore this message. Error: {}", filename, lasterr);
+ }
}
// Load the CRLs.