Actually set default SSL certificate path if --sslcertpath is unset.

Reported by Heino Tiedemann and Rob MacGregor.

svn path=/branches/BRANCH_6-3/; revision=4516

diff --git a/NEWS b/NEWS
index cd0f1cec38a13ae71e6b60da04558a81d5c8f410..32e628c39bf3e4d64f27fb6abba9a416e334fa26 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,8 @@ fetchmail 6.3.1 (not yet released):
 * Fix broken default port in POP2. Patch by Stanislav Brabec, SUSE [CZ]. (MA)
 * Fix manual page, some lines starting with ' were escaped by \&. (MA)
 * Ship with gettext-0.14.3 again, as 6.2.9-rc10 did. Found by Sunil Shetye. (MA)
+* Actually set default SSL certificate path if --sslcertpath is unset.
+  Reported by Heino Tiedemann and Rob MacGregor. (MA)
 
 fetchmail 6.3.0 (released 2005-11-30):
 

diff --git a/socket.c b/socket.c
index 6fade9dd76708a49ef120ddac9905118e465b4a7..dbd8ce144a465f1b93399329e2d2873760548946 100644 (file)
--- a/socket.c
+++ b/socket.c
@@ -841,6 +841,8 @@ int SSLOpen(int sock, char *mycert, char *mykey, char *myproto, int certck, char
        }
        if (certpath)
                SSL_CTX_load_verify_locations(_ctx, NULL, certpath);
+       else
+               SSL_CTX_set_default_verify_paths(_ctx);
        
        _ssl_context[sock] = SSL_new(_ctx);