test existence of cert.pem (problem seems common, Paul and me already

[claws.git] / src / common / ssl.c

diff --git a/src/common/ssl.c b/src/common/ssl.c
index f491a35268a0d22269b5e89dd0e5245c7ff53fc2..b8c401e7e46e88bf77938fc985505fbedb0660ab 100644 (file)
--- a/src/common/ssl.c
+++ b/src/common/ssl.c
@@ -38,6 +38,7 @@ static SSL_CTX *ssl_ctx;
 void ssl_init(void)
 {
        SSL_METHOD *meth;
 void ssl_init(void)
 {
        SSL_METHOD *meth;

+       FILE *cert_test;

 
        /* Global system initialization*/
        SSL_library_init();
 
        /* Global system initialization*/
        SSL_library_init();


@@ -49,6 +50,16 @@ void ssl_init(void)
 
        /* Set default certificate paths */
        SSL_CTX_set_default_verify_paths(ssl_ctx);
 
        /* Set default certificate paths */
        SSL_CTX_set_default_verify_paths(ssl_ctx);

+       
+       /* this problem seems quite common */
+       cert_test = fopen (X509_get_default_cert_file(), "r");
+       if (cert_test != NULL)
+               fclose(cert_test);
+       else {
+               printf("ssl_init: warning, can't open %s\n", X509_get_default_cert_file());
+               printf("ssl_init: it means that certificates' signatures won't appear as Correct,\n");
+               printf("ssl_init: even if they should. Check your openssl install.\n");
+       }

 #if (OPENSSL_VERSION_NUMBER < 0x0090600fL)
        SSL_CTX_set_verify_depth(ctx,1);
 #endif
 #if (OPENSSL_VERSION_NUMBER < 0x0090600fL)
        SSL_CTX_set_verify_depth(ctx,1);
 #endif