* src/openssl.c (ssl_init): Check for X509_V_FLAG_PARTIAL_CHAIN

2025-03-09 09:10:17 +08:00 · 2019-04-03 14:54:45 +02:00 · 2019-04-03 14:54:45 +02:00 · 0eaa5f1771
commit 0eaa5f1771
parent 39f17b3555
1 changed files with 2 additions and 0 deletions
--- a/src/openssl.c
+++ b/src/openssl.c
@ -328,6 +328,7 @@ ssl_init (void)
  SSL_CTX_set_default_verify_paths (ssl_ctx);
  SSL_CTX_load_verify_locations (ssl_ctx, opt.ca_cert, opt.ca_directory);

+#ifdef X509_V_FLAG_PARTIAL_CHAIN
  /* Set X509_V_FLAG_PARTIAL_CHAIN to allow the client to anchor trust in
   * a non-self-signed certificate. This defies RFC 4158 (Path Building)
   * which defines a trust anchor in terms of a self-signed certificate.
@ -356,6 +357,7 @@ ssl_init (void)
      logprintf(LOG_NOTQUIET, _("OpenSSL: Failed to allocate verification param\n"));
      /* We continue on error */
    }
+#endif

  if (opt.crl_file)
    {