diff -up openssl-1.0.2c/apps/s_server.c.default-paths openssl-1.0.2c/apps/s_server.c --- openssl-1.0.2c/apps/s_server.c.default-paths 2015-06-12 16:51:21.000000000 +0200 +++ openssl-1.0.2c/apps/s_server.c 2015-06-15 17:24:17.747446515 +0200 @@ -1788,12 +1788,16 @@ int MAIN(int argc, char *argv[]) } #endif - if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx))) { - /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ - ERR_print_errors(bio_err); - /* goto end; */ + if (CAfile == NULL && CApath == NULL) { + if (!SSL_CTX_set_default_verify_paths(ctx)) { + ERR_print_errors(bio_err); + } + } else { + if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) { + ERR_print_errors(bio_err); + } } + if (vpm) SSL_CTX_set1_param(ctx, vpm); @@ -1850,8 +1854,10 @@ int MAIN(int argc, char *argv[]) else SSL_CTX_sess_set_cache_size(ctx2, 128); - if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx2))) { + if (!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) { + ERR_print_errors(bio_err); + } + if (!SSL_CTX_set_default_verify_paths(ctx2)) { ERR_print_errors(bio_err); } if (vpm) diff -up openssl-1.0.2c/apps/s_time.c.default-paths openssl-1.0.2c/apps/s_time.c --- openssl-1.0.2c/apps/s_time.c.default-paths 2015-06-12 16:51:21.000000000 +0200 +++ openssl-1.0.2c/apps/s_time.c 2015-06-15 17:24:17.747446515 +0200 @@ -381,13 +381,14 @@ int MAIN(int argc, char **argv) SSL_load_error_strings(); - if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) || - (!SSL_CTX_set_default_verify_paths(tm_ctx))) { - /* - * BIO_printf(bio_err,"error setting default verify locations\n"); - */ - ERR_print_errors(bio_err); - /* goto end; */ + if (CAfile == NULL && CApath == NULL) { + if (!SSL_CTX_set_default_verify_paths(tm_ctx)) { + ERR_print_errors(bio_err); + } + } else { + if (!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) { + ERR_print_errors(bio_err); + } } if (tm_cipher == NULL)