X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=lib%2Fstream-ssl.c;h=32f21fcb96d2c059439c4d637e89531a8851a535;hb=9df30404d9f806daa6f9851412b2a295f3540e75;hp=4874bbe482a79b9bc1b80b7ee7d7595bc8e74f26;hpb=ccf16467108326ba35686f549534f254db02b113;p=sliver-openvswitch.git

diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index 4874bbe48..32f21fcb9 100644
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -436,6 +436,7 @@ do_ca_cert_bootstrap(struct stream *stream)
     if (!cert) {
         out_of_memory();
     }
+    SSL_CTX_set_cert_store(ctx, X509_STORE_new());
     if (SSL_CTX_load_verify_locations(ctx, ca_cert.file_name, NULL) != 1) {
         VLOG_ERR("SSL_CTX_load_verify_locations: %s",
                  ERR_error_string(ERR_get_error(), NULL));
@@ -1311,6 +1312,7 @@ stream_ssl_set_ca_cert_file__(const char *file_name, bool bootstrap)
 
         /* Set up CAs for OpenSSL to trust in verifying the peer's
          * certificate. */
+        SSL_CTX_set_cert_store(ctx, X509_STORE_new());
         if (SSL_CTX_load_verify_locations(ctx, file_name, NULL) != 1) {
             VLOG_ERR("SSL_CTX_load_verify_locations: %s",
                      ERR_error_string(ERR_get_error(), NULL));