From a3bd16f3f3c5ff5f5669fc247221ae883ae6e213 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Sun, 2 Nov 2025 18:31:07 +0000 Subject: Allow not setting the CA file in ssl_openssl. This matches the behaviour of ssl_gnutls. --- src/modules/extra/m_ssl_openssl.cpp | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'src/modules') diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 67c334efd..bbdb426f5 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -467,11 +467,14 @@ namespace OpenSSL } // Load the CAs we trust - filename = ServerInstance->Config->Paths.PrependConfig(tag->getString("cafile", "ca.pem", 1)); - if ((!ctx.SetCA(filename)) || (!clientctx.SetCA(filename))) + filename = ServerInstance->Config->Paths.PrependConfig(tag->getString("cafile", "ca.pem")); + if (!filename.empty()) { - ERR_print_errors_cb(error_callback, this); - ServerInstance->Logs.Normal(MODNAME, "Can't read CA list from {}. This is only a problem if you want to verify client certificates, otherwise it's safe to ignore this message. Error: {}", filename, lasterr); + if (!ctx.SetCA(filename) || !clientctx.SetCA(filename)) + { + ERR_print_errors_cb(error_callback, this); + ServerInstance->Logs.Normal(MODNAME, "Can't read CA list from {}. This is only a problem if you want to verify client certificates, otherwise it's safe to ignore this message. Error: {}", filename, lasterr); + } } // Load the CRLs. -- cgit v1.3.1-10-gc9f91