From de2271154502f2fe7bc6259208bcb092d4e82ae3 Mon Sep 17 00:00:00 2001
From: Benny Baumann
Date: Mon, 23 Feb 2015 19:34:16 +0100
Subject: [PATCH] fix: Check the CA certificate file could be loaded
---
 src/crypto/sslUtil.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/crypto/sslUtil.cpp b/src/crypto/sslUtil.cpp
index 753981c..5855e66 100644
--- a/src/crypto/sslUtil.cpp
+++ b/src/crypto/sslUtil.cpp
@@ -94,7 +94,9 @@ std::shared_ptr generateSSLContext( bool server ) {
 SSL_CTX_set_verify( ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback );
 SSL_CTX_use_certificate_file( ctx.get(), server ? "keys/signer_server.crt" : "keys/signer_client.crt", SSL_FILETYPE_PEM );
 SSL_CTX_use_PrivateKey_file( ctx.get(), server ? "keys/signer_server.key" : "keys/signer_client.key", SSL_FILETYPE_PEM );
- SSL_CTX_load_verify_locations( ctx.get(), "keys/ca.crt", 0 );
+ if( 1 != SSL_CTX_load_verify_locations( ctx.get(), "keys/ca.crt", 0 ) ) {
+ throw "Cannot load CA store for certificate validation.";
+ }
 if( server ) {
 STACK_OF( X509_NAME ) *names = SSL_load_client_CA_file( "keys/env.crt" );
--
2.39.2
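Review bot: The two calls directly above the new check, `SSL_CTX_use_certificate_file` and `SSL_CTX_use_PrivateKey_file`, still discard their return values, so a missing or unreadable signer certificate or key is not reported here and would presumably only surface later as a handshake failure. Both return 1 on success like `SSL_CTX_load_verify_locations`, so the same guard fits each of them, e.g. `if( 1 != SSL_CTX_use_PrivateKey_file( ctx.get(), server ? "keys/signer_server.key" : "keys/signer_client.key", SSL_FILETYPE_PEM ) ) { throw "Cannot load private key."; }`, optionally followed by a `SSL_CTX_check_private_key( ctx.get() )` check that the key matches the certificate. The added `throw` raises a `const char*`, which a `catch( const std::exception& )` handler does not catch; whether the callers expect that cannot be seen from this hunk, so either confirm it or add a comment such as `// thrown as const char*; callers must catch it explicitly`. `generateSSLContext` begins and ends outside the hunk.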