From 030ba53485e9b8a2793e1f1c9c8f62f8b8987e95 Mon Sep 17 00:00:00 2001
From: Laurent Bercot
Date: Mon, 23 Nov 2020 15:39:17 +0000
Subject: stls client: prefer CAFILE, warn on CADIR use, because libtls is broken
---
 src/stls/stls_client_init_and_handshake.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/stls/stls_client_init_and_handshake.c b/src/stls/stls_client_init_and_handshake.c
index f0cc5be..fdea482 100644
--- a/src/stls/stls_client_init_and_handshake.c
+++ b/src/stls/stls_client_init_and_handshake.c
@@ -37,19 +37,20 @@ struct tls *stls_client_init_and_handshake (int const *fds, uint32_t preoptions,
 stls_drop() ;
- x = getenv("CADIR") ;
+ x = getenv("CAFILE") ;
 if (x)
 {
- if (tls_config_set_ca_path(cfg, x) < 0)
- diecfg(cfg, "tls_config_set_ca_path") ;
+ if (tls_config_set_ca_file(cfg, x) < 0)
+ diecfg(cfg, "tls_config_set_ca_file") ;
 }
 else
 {
- x = getenv("CAFILE") ;
+ x = getenv("CADIR") ;
 if (x)
 {
- if (tls_config_set_ca_file(cfg, x) < 0)
- diecfg(cfg, "tls_config_set_ca_file") ;
+ if (tls_config_set_ca_path(cfg, x) < 0)
+ diecfg(cfg, "tls_config_set_ca_path") ;
+ strerr_warnw1x("some versions of libtls do not work with CADIR, try using CAFILE instead") ;
 }
 else strerr_diefu1x(100, "get trust anchor list: neither CADIR nor CAFILE is set") ;
 }
--
cgit v1.2.3
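Review bot: When both variables are exported, the new `x = getenv("CAFILE")` branch wins and CADIR is never consulted, so the trust anchor set used for peer verification changes from the old behaviour with no diagnostic. Since a warning is already emitted for CADIR, the CAFILE branch could report the override as well, e.g. `if (getenv("CADIR")) strerr_warnw1x("both CAFILE and CADIR are set, ignoring CADIR") ;`, and a short comment above the lookup should state the precedence. An empty CAFILE value also takes the first branch because only `if (x)` is tested; whether tls_config_set_ca_file rejects an empty path is not visible here, so that case is worth confirming. The body of stls_client_init_and_handshake starts and ends outside this hunk.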