Merge branch '2.3' into 2.4

2020-01-17 09:24:42 +02:00
parent b6dc67f1b9 b573fcf030
commit df3ae56952
3 changed files with 18 additions and 20 deletions
--- a/server/core/config.cc
+++ b/server/core/config.cc
@ -2889,15 +2889,6 @@ bool config_create_ssl(const char* name,

    if (value)
    {
-        if (!params.contains(CN_SSL_CA_CERT))
-        {
-            MXS_ERROR("CA Certificate missing for '%s'."
-                      "Please provide the path to the certificate authority "
-                      "certificate by adding the ssl_ca_cert=<path> parameter",
-                      name);
-            ok = false;
-        }
-
        if (require_cert)
        {
            if (!params.contains(CN_SSL_CERT))
--- a/server/core/ssl.cc
+++ b/server/core/ssl.cc
@ -335,12 +335,18 @@ bool SSLContext::init()
        SSL_CTX_set_tmp_rsa_callback(m_ctx, tmp_rsa_callback);
    }

-    mxb_assert(!m_cfg.ca.empty());
-
-    /* Load the CA certificate into the SSL_CTX structure */
-    if (!SSL_CTX_load_verify_locations(m_ctx, m_cfg.ca.c_str(), NULL))
+    if (!m_cfg.ca.empty())
    {
-        MXS_ERROR("Failed to set Certificate Authority file: %s", get_ssl_errors());
+        /* Load the CA certificate into the SSL_CTX structure */
+        if (!SSL_CTX_load_verify_locations(m_ctx, m_cfg.ca.c_str(), NULL))
+        {
+            MXS_ERROR("Failed to set Certificate Authority file: %s", get_ssl_errors());
+            return false;
+        }
+    }
+    else if (SSL_CTX_set_default_verify_paths(m_ctx) == 0)
+    {
+        MXS_ERROR("Failed to set default CA verify paths: %s", get_ssl_errors());
        return false;
    }