https://bugs.gentoo.org/472584 http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest fix verification handling in s_client. when loading paths, make sure we properly fallback to setting the default paths. --- a/apps/s_client.c +++ b/apps/s_client.c @@ -899,7 +899,7 @@ if (!set_cert_key_stuff(ctx,cert,key)) goto end; - if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || + if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) && (!SSL_CTX_set_default_verify_paths(ctx))) { /* BIO_printf(bio_err,"error setting default verify locations\n"); */