tls_wolfssl: fix regression in commit 77f5f5a

The wolfSSL_CTX_load_verify_locations_ex() function would still return an error when no valid CA certificate was found in the directory. Since before commit 77f5f5a, opensips startup would not fail when wolfSSL_CTX_load_verify_locations_ex() would return an error, the change in the above commit would constitute a regression for cases where no valid certificate is found in the directory. This commit brings the wolfssl behavior further in line with openssl. (cherry picked from commit 9999d31)
OpenSIPS · Mar 7, 2023 · 3f61bbe · 3f61bbe
1 parent 912530b
commit 3f61bbe
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/modules/tls_wolfssl/wolfssl_config.c b/modules/tls_wolfssl/wolfssl_config.c
@@ -435,7 +435,8 @@ static int load_ca_dir(WOLFSSL_CTX * ctx, char *directory)
 	int rc;
 
 	if ((rc = wolfSSL_CTX_load_verify_locations_ex(ctx, 0, directory,
-		WOLFSSL_LOAD_FLAG_IGNORE_ERR|WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR)) !=
+		WOLFSSL_LOAD_FLAG_IGNORE_ERR|WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR|
+		WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE)) !=
 		SSL_SUCCESS) {
 		LM_ERR("unable to load ca directory '%s' (ret=%d)\n", directory, rc);
 		return -1;