diff options
| author | 2025-11-02 18:31:07 +0000 | |
|---|---|---|
| committer | 2025-11-02 21:28:32 +0000 | |
| commit | a3bd16f3f3c5ff5f5669fc247221ae883ae6e213 (patch) | |
| tree | f4801538df342ff41e6b423a24ed271a2d372653 /src | |
| parent | Remove a long-obsolete workaround from ssl_openssl. (diff) | |
Allow not setting the CA file in ssl_openssl.
This matches the behaviour of ssl_gnutls.
Diffstat (limited to 'src')
| -rw-r--r-- | src/configreader.cpp | 2 | ||||
| -rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 11 |
2 files changed, 8 insertions, 5 deletions
diff --git a/src/configreader.cpp b/src/configreader.cpp index ac6cd7953..b55ebf86c 100644 --- a/src/configreader.cpp +++ b/src/configreader.cpp @@ -68,7 +68,7 @@ ServerConfig::ServerPaths::ServerPaths(const std::shared_ptr<ConfigTag>& tag) std::string ServerConfig::ServerPaths::ExpandPath(const std::string& base, const std::string& fragment) { // The fragment is an absolute path, don't modify it. - if (std::filesystem::path(fragment).is_absolute()) + if (fragment.empty() || std::filesystem::path(fragment).is_absolute()) return fragment; if (!fragment.compare(0, 2, "~/", 2)) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 67c334efd..bbdb426f5 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -467,11 +467,14 @@ namespace OpenSSL } // Load the CAs we trust - filename = ServerInstance->Config->Paths.PrependConfig(tag->getString("cafile", "ca.pem", 1)); - if ((!ctx.SetCA(filename)) || (!clientctx.SetCA(filename))) + filename = ServerInstance->Config->Paths.PrependConfig(tag->getString("cafile", "ca.pem")); + if (!filename.empty()) { - ERR_print_errors_cb(error_callback, this); - ServerInstance->Logs.Normal(MODNAME, "Can't read CA list from {}. This is only a problem if you want to verify client certificates, otherwise it's safe to ignore this message. Error: {}", filename, lasterr); + if (!ctx.SetCA(filename) || !clientctx.SetCA(filename)) + { + ERR_print_errors_cb(error_callback, this); + ServerInstance->Logs.Normal(MODNAME, "Can't read CA list from {}. This is only a problem if you want to verify client certificates, otherwise it's safe to ignore this message. Error: {}", filename, lasterr); + } } // Load the CRLs. |
