main/openssl: fix openssl tools default CApath

Apply patch from openssl rt. (cherry picked from commit 095daa82b97cc5dd0de237e470e155476a3bc256)
author: Timo Teräs <timo.teras@iki.fi> 2013-06-15 19:45:12 +0300
committer: Natanael Copa <ncopa@alpinelinux.org> 2013-10-03 13:36:34 +0000
commit: 4b76335f8ece39f111b32e4092d5f5c1e134be4a (patch)
tree: d8b12271627c5611d797c73751e40ed0d8407c78
parent: 97c3ecede9d0feee851856364206b71a4a7466cb (diff)
download: alpine_aports-4b76335f8ece39f111b32e4092d5f5c1e134be4a.tar.bz2
alpine_aports-4b76335f8ece39f111b32e4092d5f5c1e134be4a.tar.xz
alpine_aports-4b76335f8ece39f111b32e4092d5f5c1e134be4a.zip
2 files changed, 111 insertions, 5 deletions
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD
index aef1505971..f0dfc3f085 100644
--- a/main/openssl/APKBUILD
+++ b/main/openssl/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Timo Teras <timo.teras@iki.fi>
 pkgname=openssl
 pkgver=1.0.1e
-pkgrel=1
+pkgrel=2
 pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
 url="http://openssl.org"
 depends=
@@ -20,7 +20,8 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
        0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
        0004-crypto-engine-autoload-padlock-dynamic-engine.patch
        0005-s_client-ircv3-starttls.patch
-        openssl-1.0.1-version-eglibc.patch"
+        openssl-1.0.1-version-eglibc.patch
+        fix-default-apps-capath.patch"
 _builddir="$srcdir"/$pkgname-$pkgver
@@ -97,7 +98,8 @@ ddb5fc155145d5b852425adaec32234d  0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESH
 cef4633142031b59960200e87ce3bb18  0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
 c32f42451a07267ee5dfb3781fa40c00  0004-crypto-engine-autoload-padlock-dynamic-engine.patch
 c5b1042a3acaf3591f3f5620b7086e12  0005-s_client-ircv3-starttls.patch
-d1f3aaad7c36590f21355682983cd14e  openssl-1.0.1-version-eglibc.patch"
+d1f3aaad7c36590f21355682983cd14e  openssl-1.0.1-version-eglibc.patch
+efec1bce615256961b1756e575ee1d0a  fix-default-apps-capath.patch"
 sha256sums="f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3  openssl-1.0.1e.tar.gz
 fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed  fix-manpages.patch
 82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8  openssl-bb-basename.patch
@@ -106,7 +108,8 @@ fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed  fix-manpages.p
 cbb2493ec9157e78035e9cc02be17655996ee9cd0a71b79507fc19f3862f452b  0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
 157ec6d17add25b96956abc7c44259c91eebe8a6c1026cdb976b895bf42ec56f  0004-crypto-engine-autoload-padlock-dynamic-engine.patch
 44b553d92e33c48f854a8e15b23830375bc400e987505c74956ac196266f0d46  0005-s_client-ircv3-starttls.patch
-51146851d8454dcb73138f794ced8bd629658b4a0524c466f61b653fff536c93  openssl-1.0.1-version-eglibc.patch"
+51146851d8454dcb73138f794ced8bd629658b4a0524c466f61b653fff536c93  openssl-1.0.1-version-eglibc.patch
+1e11d6b8cdcdd6957c69d33ab670c5918fc96c12fdb9b76b4287cb8f69c3545d  fix-default-apps-capath.patch"
 sha512sums="c76857e439431b2ef6f2aa123997e53f82b9c3c964d4d765d7cc6c0c20b37a21adf578f9b759b2b65ae3925454c432a01b7de0cd320ece7181dc292e00d3244e  openssl-1.0.1e.tar.gz
 880411d56da49946d24328445728367e0bf13b0fd47954971514bee8cd5613a038ad8aeaf68da2c92f4634deb022febd7b3e37f9bbfc5d2c9c8b3b5ffd971407  fix-manpages.patch
 6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5  openssl-bb-basename.patch
@@ -115,4 +118,5 @@ ea282b09d4692a29e5a554e19b0798fa921717d4892decc68cba92cad11e85e4064d8ac78d98f6fa
 b019320869d215014ad46e0b29aa239e31243571c4d45256b3ce6449a67fdc106a381c1cf3abd55ddbfd6a0e9ffa3e3167377317cbc72b254b1f9bcc0e22b8b6  0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
 3bedc326ca3e5945bc4ec4dccfe596042ee87aaeaf90b5063110a99cc8e38584838d68289907e4a3fcdb8e04635052ad0759c94e1d7070bb317c2066e2506bbe  0004-crypto-engine-autoload-padlock-dynamic-engine.patch
 70cd257bbd5a86685dc2508399e67746b60ed5d581eb84fe4d4fc6af214f31b71e2a58ad758d572976a61f67bf64c37a935a9788db160f75bced75397b9bcce3  0005-s_client-ircv3-starttls.patch
-6db9d9ee62048d27f80e392eda99a46712ee85f1c8fd49f4931be73c880da8b84844a72657f7bceddb7db0026daddd31870d9c5065494f8d359ee8560284fd4a  openssl-1.0.1-version-eglibc.patch"
+6db9d9ee62048d27f80e392eda99a46712ee85f1c8fd49f4931be73c880da8b84844a72657f7bceddb7db0026daddd31870d9c5065494f8d359ee8560284fd4a  openssl-1.0.1-version-eglibc.patch
+f2e737146a473d55b99f27457718ca299a02a0c74009026a30c3d1347c575bc264962b5708995e02ef7d68521b8366ccea7320523efb87b1ab2632d73fec5658  fix-default-apps-capath.patch"
diff --git a/main/openssl/fix-default-apps-capath.patch b/main/openssl/fix-default-apps-capath.patch
new file mode 100644
index 0000000000..4c48f26612
--- /dev/null
+++ b/main/openssl/fix-default-apps-capath.patch
@@ -0,0 +1,102 @@
+http://rt.openssl.org/Ticket/Display.html?id=2936&user=guest&pass=guest
+diff -up openssl-1.0.1c/apps/s_client.c.default-paths openssl-1.0.1c/apps/s_client.c
+--- openssl-1.0.1c/apps/s_client.c.default-paths        2012-03-18 19:16:05.000000000 +0100
+++ openssl-1.0.1c/apps/s_client.c      2012-12-06 18:24:06.425933203 +0100
+@@ -1166,12 +1166,19 @@ bad:
+        if (!set_cert_key_stuff(ctx,cert,key))
+                goto end;
+ 
+-       if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+-               (!SSL_CTX_set_default_verify_paths(ctx)))
+       if (CAfile == NULL && CApath == NULL)
+                {
+-               /* BIO_printf(bio_err,"error setting default verify locations\n"); */
+-               ERR_print_errors(bio_err);
+-               /* goto end; */
+               if (!SSL_CTX_set_default_verify_paths(ctx))
+                       {
+                       ERR_print_errors(bio_err);
+                       }
+               }
+       else
+               {
+               if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
+                       {
+                       ERR_print_errors(bio_err);
+                       }
+                }
+ 
+ #ifndef OPENSSL_NO_TLSEXT
+diff -up openssl-1.0.1c/apps/s_server.c.default-paths openssl-1.0.1c/apps/s_server.c
+--- openssl-1.0.1c/apps/s_server.c.default-paths        2012-03-18 19:16:05.000000000 +0100
+++ openssl-1.0.1c/apps/s_server.c      2012-12-06 18:25:11.199329611 +0100
+@@ -1565,13 +1565,21 @@ bad:
+                }
+ #endif
+ 
+-       if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+-               (!SSL_CTX_set_default_verify_paths(ctx)))
+       if (CAfile == NULL && CApath == NULL)
+                {
+-               /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
+-               ERR_print_errors(bio_err);
+-               /* goto end; */
+               if (!SSL_CTX_set_default_verify_paths(ctx))
+                       {
+                       ERR_print_errors(bio_err);
+                       }
+               }
+       else
+               {
+               if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
+                       {
+                       ERR_print_errors(bio_err);
+                       }
+                }
+
+        if (vpm)
+                SSL_CTX_set1_param(ctx, vpm);
+ 
+@@ -1622,8 +1630,11 @@ bad:
+                else
+                        SSL_CTX_sess_set_cache_size(ctx2,128);
+ 
+-               if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
+-                       (!SSL_CTX_set_default_verify_paths(ctx2)))
+               if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath))
+                       {
+                       ERR_print_errors(bio_err);
+                       }
+               if (!SSL_CTX_set_default_verify_paths(ctx2))
+                        {
+                        ERR_print_errors(bio_err);
+                        }
+diff -up openssl-1.0.1c/apps/s_time.c.default-paths openssl-1.0.1c/apps/s_time.c
+--- openssl-1.0.1c/apps/s_time.c.default-paths  2006-04-17 14:22:13.000000000 +0200
+++ openssl-1.0.1c/apps/s_time.c        2012-12-06 18:27:41.694574044 +0100
+@@ -373,12 +373,19 @@ int MAIN(int argc, char **argv)
+ 
+        SSL_load_error_strings();
+ 
+-       if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
+-               (!SSL_CTX_set_default_verify_paths(tm_ctx)))
+       if (CAfile == NULL && CApath == NULL)
+                {
+-               /* BIO_printf(bio_err,"error setting default verify locations\n"); */
+-               ERR_print_errors(bio_err);
+-               /* goto end; */
+               if (!SSL_CTX_set_default_verify_paths(tm_ctx))
+                       {
+                       ERR_print_errors(bio_err);
+                       }
+               }
+       else
+               {
+               if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath))
+                       {
+                       ERR_print_errors(bio_err);
+                       }
+                }
+ 
+        if (tm_cipher == NULL)
author	Timo Teräs <timo.teras@iki.fi>	2013-06-15 19:45:12 +0300
committer	Natanael Copa <ncopa@alpinelinux.org>	2013-10-03 13:36:34 +0000
commit	4b76335f8ece39f111b32e4092d5f5c1e134be4a (patch)
tree	d8b12271627c5611d797c73751e40ed0d8407c78
parent	97c3ecede9d0feee851856364206b71a4a7466cb (diff)
download	alpine_aports-4b76335f8ece39f111b32e4092d5f5c1e134be4a.tar.bz2 alpine_aports-4b76335f8ece39f111b32e4092d5f5c1e134be4a.tar.xz alpine_aports-4b76335f8ece39f111b32e4092d5f5c1e134be4a.zip

diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index aef1505971..f0dfc3f085 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD
@@ -1,7 +1,7 @@
1	# Maintainer: Timo Teras <timo.teras@iki.fi>	1	# Maintainer: Timo Teras <timo.teras@iki.fi>
2	pkgname=openssl	2	pkgname=openssl
3	pkgver=1.0.1e	3	pkgver=1.0.1e
4	pkgrel=1	4	pkgrel=2
5	pkgdesc="Toolkit for SSL v2/v3 and TLS v1"	5	pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
6	url="http://openssl.org"	6	url="http://openssl.org"
7	depends=	7	depends=
@@ -20,7 +20,8 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
20	0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch	20	0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
21	0004-crypto-engine-autoload-padlock-dynamic-engine.patch	21	0004-crypto-engine-autoload-padlock-dynamic-engine.patch
22	0005-s_client-ircv3-starttls.patch	22	0005-s_client-ircv3-starttls.patch
23	openssl-1.0.1-version-eglibc.patch"	23	openssl-1.0.1-version-eglibc.patch
		24	fix-default-apps-capath.patch"
24		25
25	_builddir="$srcdir"/$pkgname-$pkgver	26	_builddir="$srcdir"/$pkgname-$pkgver
26		27
@@ -97,7 +98,8 @@ ddb5fc155145d5b852425adaec32234d 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESH
97	cef4633142031b59960200e87ce3bb18 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch	98	cef4633142031b59960200e87ce3bb18 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
98	c32f42451a07267ee5dfb3781fa40c00 0004-crypto-engine-autoload-padlock-dynamic-engine.patch	99	c32f42451a07267ee5dfb3781fa40c00 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
99	c5b1042a3acaf3591f3f5620b7086e12 0005-s_client-ircv3-starttls.patch	100	c5b1042a3acaf3591f3f5620b7086e12 0005-s_client-ircv3-starttls.patch
100	d1f3aaad7c36590f21355682983cd14e openssl-1.0.1-version-eglibc.patch"	101	d1f3aaad7c36590f21355682983cd14e openssl-1.0.1-version-eglibc.patch
		102	efec1bce615256961b1756e575ee1d0a fix-default-apps-capath.patch"
101	sha256sums="f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz	103	sha256sums="f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz
102	fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed fix-manpages.patch	104	fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed fix-manpages.patch
103	82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8 openssl-bb-basename.patch	105	82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8 openssl-bb-basename.patch
@@ -106,7 +108,8 @@ fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed fix-manpages.p
106	cbb2493ec9157e78035e9cc02be17655996ee9cd0a71b79507fc19f3862f452b 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch	108	cbb2493ec9157e78035e9cc02be17655996ee9cd0a71b79507fc19f3862f452b 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
107	157ec6d17add25b96956abc7c44259c91eebe8a6c1026cdb976b895bf42ec56f 0004-crypto-engine-autoload-padlock-dynamic-engine.patch	109	157ec6d17add25b96956abc7c44259c91eebe8a6c1026cdb976b895bf42ec56f 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
108	44b553d92e33c48f854a8e15b23830375bc400e987505c74956ac196266f0d46 0005-s_client-ircv3-starttls.patch	110	44b553d92e33c48f854a8e15b23830375bc400e987505c74956ac196266f0d46 0005-s_client-ircv3-starttls.patch
109	51146851d8454dcb73138f794ced8bd629658b4a0524c466f61b653fff536c93 openssl-1.0.1-version-eglibc.patch"	111	51146851d8454dcb73138f794ced8bd629658b4a0524c466f61b653fff536c93 openssl-1.0.1-version-eglibc.patch
		112	1e11d6b8cdcdd6957c69d33ab670c5918fc96c12fdb9b76b4287cb8f69c3545d fix-default-apps-capath.patch"
110	sha512sums="c76857e439431b2ef6f2aa123997e53f82b9c3c964d4d765d7cc6c0c20b37a21adf578f9b759b2b65ae3925454c432a01b7de0cd320ece7181dc292e00d3244e openssl-1.0.1e.tar.gz	113	sha512sums="c76857e439431b2ef6f2aa123997e53f82b9c3c964d4d765d7cc6c0c20b37a21adf578f9b759b2b65ae3925454c432a01b7de0cd320ece7181dc292e00d3244e openssl-1.0.1e.tar.gz
111	880411d56da49946d24328445728367e0bf13b0fd47954971514bee8cd5613a038ad8aeaf68da2c92f4634deb022febd7b3e37f9bbfc5d2c9c8b3b5ffd971407 fix-manpages.patch	114	880411d56da49946d24328445728367e0bf13b0fd47954971514bee8cd5613a038ad8aeaf68da2c92f4634deb022febd7b3e37f9bbfc5d2c9c8b3b5ffd971407 fix-manpages.patch
112	6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5 openssl-bb-basename.patch	115	6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5 openssl-bb-basename.patch
@@ -115,4 +118,5 @@ ea282b09d4692a29e5a554e19b0798fa921717d4892decc68cba92cad11e85e4064d8ac78d98f6fa
115	b019320869d215014ad46e0b29aa239e31243571c4d45256b3ce6449a67fdc106a381c1cf3abd55ddbfd6a0e9ffa3e3167377317cbc72b254b1f9bcc0e22b8b6 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch	118	b019320869d215014ad46e0b29aa239e31243571c4d45256b3ce6449a67fdc106a381c1cf3abd55ddbfd6a0e9ffa3e3167377317cbc72b254b1f9bcc0e22b8b6 0003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
116	3bedc326ca3e5945bc4ec4dccfe596042ee87aaeaf90b5063110a99cc8e38584838d68289907e4a3fcdb8e04635052ad0759c94e1d7070bb317c2066e2506bbe 0004-crypto-engine-autoload-padlock-dynamic-engine.patch	119	3bedc326ca3e5945bc4ec4dccfe596042ee87aaeaf90b5063110a99cc8e38584838d68289907e4a3fcdb8e04635052ad0759c94e1d7070bb317c2066e2506bbe 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
117	70cd257bbd5a86685dc2508399e67746b60ed5d581eb84fe4d4fc6af214f31b71e2a58ad758d572976a61f67bf64c37a935a9788db160f75bced75397b9bcce3 0005-s_client-ircv3-starttls.patch	120	70cd257bbd5a86685dc2508399e67746b60ed5d581eb84fe4d4fc6af214f31b71e2a58ad758d572976a61f67bf64c37a935a9788db160f75bced75397b9bcce3 0005-s_client-ircv3-starttls.patch
118	6db9d9ee62048d27f80e392eda99a46712ee85f1c8fd49f4931be73c880da8b84844a72657f7bceddb7db0026daddd31870d9c5065494f8d359ee8560284fd4a openssl-1.0.1-version-eglibc.patch"	121	6db9d9ee62048d27f80e392eda99a46712ee85f1c8fd49f4931be73c880da8b84844a72657f7bceddb7db0026daddd31870d9c5065494f8d359ee8560284fd4a openssl-1.0.1-version-eglibc.patch
		122	f2e737146a473d55b99f27457718ca299a02a0c74009026a30c3d1347c575bc264962b5708995e02ef7d68521b8366ccea7320523efb87b1ab2632d73fec5658 fix-default-apps-capath.patch"


diff --git a/main/openssl/fix-default-apps-capath.patch b/main/openssl/fix-default-apps-capath.patch new file mode 100644 index 0000000000..4c48f26612 --- /dev/null +++ b/main/openssl/fix-default-apps-capath.patch
@@ -0,0 +1,102 @@
		1	http://rt.openssl.org/Ticket/Display.html?id=2936&user=guest&pass=guest
		2
		3	diff -up openssl-1.0.1c/apps/s_client.c.default-paths openssl-1.0.1c/apps/s_client.c
		4	--- openssl-1.0.1c/apps/s_client.c.default-paths 2012-03-18 19:16:05.000000000 +0100
		5	+++ openssl-1.0.1c/apps/s_client.c 2012-12-06 18:24:06.425933203 +0100
		6	@@ -1166,12 +1166,19 @@ bad:
		7	if (!set_cert_key_stuff(ctx,cert,key))
		8	goto end;
		9
		10	- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) \|\|
		11	- (!SSL_CTX_set_default_verify_paths(ctx)))
		12	+ if (CAfile == NULL && CApath == NULL)
		13	{
		14	- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
		15	- ERR_print_errors(bio_err);
		16	- /* goto end; */
		17	+ if (!SSL_CTX_set_default_verify_paths(ctx))
		18	+ {
		19	+ ERR_print_errors(bio_err);
		20	+ }
		21	+ }
		22	+ else
		23	+ {
		24	+ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
		25	+ {
		26	+ ERR_print_errors(bio_err);
		27	+ }
		28	}
		29
		30	#ifndef OPENSSL_NO_TLSEXT
		31	diff -up openssl-1.0.1c/apps/s_server.c.default-paths openssl-1.0.1c/apps/s_server.c
		32	--- openssl-1.0.1c/apps/s_server.c.default-paths 2012-03-18 19:16:05.000000000 +0100
		33	+++ openssl-1.0.1c/apps/s_server.c 2012-12-06 18:25:11.199329611 +0100
		34	@@ -1565,13 +1565,21 @@ bad:
		35	}
		36	#endif
		37
		38	- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) \|\|
		39	- (!SSL_CTX_set_default_verify_paths(ctx)))
		40	+ if (CAfile == NULL && CApath == NULL)
		41	{
		42	- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
		43	- ERR_print_errors(bio_err);
		44	- /* goto end; */
		45	+ if (!SSL_CTX_set_default_verify_paths(ctx))
		46	+ {
		47	+ ERR_print_errors(bio_err);
		48	+ }
		49	+ }
		50	+ else
		51	+ {
		52	+ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath))
		53	+ {
		54	+ ERR_print_errors(bio_err);
		55	+ }
		56	}
		57	+
		58	if (vpm)
		59	SSL_CTX_set1_param(ctx, vpm);
		60
		61	@@ -1622,8 +1630,11 @@ bad:
		62	else
		63	SSL_CTX_sess_set_cache_size(ctx2,128);
		64
		65	- if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) \|\|
		66	- (!SSL_CTX_set_default_verify_paths(ctx2)))
		67	+ if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath))
		68	+ {
		69	+ ERR_print_errors(bio_err);
		70	+ }
		71	+ if (!SSL_CTX_set_default_verify_paths(ctx2))
		72	{
		73	ERR_print_errors(bio_err);
		74	}
		75	diff -up openssl-1.0.1c/apps/s_time.c.default-paths openssl-1.0.1c/apps/s_time.c
		76	--- openssl-1.0.1c/apps/s_time.c.default-paths 2006-04-17 14:22:13.000000000 +0200
		77	+++ openssl-1.0.1c/apps/s_time.c 2012-12-06 18:27:41.694574044 +0100
		78	@@ -373,12 +373,19 @@ int MAIN(int argc, char **argv)
		79
		80	SSL_load_error_strings();
		81
		82	- if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) \|\|
		83	- (!SSL_CTX_set_default_verify_paths(tm_ctx)))
		84	+ if (CAfile == NULL && CApath == NULL)
		85	{
		86	- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
		87	- ERR_print_errors(bio_err);
		88	- /* goto end; */
		89	+ if (!SSL_CTX_set_default_verify_paths(tm_ctx))
		90	+ {
		91	+ ERR_print_errors(bio_err);
		92	+ }
		93	+ }
		94	+ else
		95	+ {
		96	+ if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath))
		97	+ {
		98	+ ERR_print_errors(bio_err);
		99	+ }
		100	}
		101
		102	if (tm_cipher == NULL)