From dcce5a04612c307453519d72f28caceb73fdab2a Mon Sep 17 00:00:00 2001
From: Linus Nordberg <linus@nordu.net>
Date: Mon, 23 Apr 2012 14:44:49 +0200
Subject: Conditionally compile TLS-PSK code (--enable-tls-psk).

Also, allow for PSK-only configuration, i.e. don't barf on missing cert stuff.
---
 lib/rsp_tlscommon.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

(limited to 'lib/rsp_tlscommon.c')

diff --git a/lib/rsp_tlscommon.c b/lib/rsp_tlscommon.c
index a34fe33..75aa891 100644
--- a/lib/rsp_tlscommon.c
+++ b/lib/rsp_tlscommon.c
@@ -271,14 +271,15 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) {
 	}
     }
 
-    if (!tlsaddcacrl(ctx, conf)) {
-	if (conf->vpm) {
-	    X509_VERIFY_PARAM_free(conf->vpm);
-	    conf->vpm = NULL;
-	}
-	SSL_CTX_free(ctx);
-	return NULL;
-    }
+    if (conf->cacertfile != NULL || conf->cacertpath != NULL)
+        if (!tlsaddcacrl(ctx, conf)) {
+            if (conf->vpm) {
+                X509_VERIFY_PARAM_free(conf->vpm);
+                conf->vpm = NULL;
+            }
+            SSL_CTX_free(ctx);
+            return NULL;
+        }
 
     debug(DBG_DBG, "tlscreatectx: created TLS context %s", conf->name);
     return ctx;
-- 
cgit v1.1