From 5392adc26515e4ac26ebd612eb88282bdb23a1a4 Mon Sep 17 00:00:00 2001
From: Vlad Turchenko
Date: Tue, 16 Mar 2021 16:55:29 -0600
Subject: set default SSL certificate directory
---
 hiredis_ssl.h | 1 +
 ssl.c | 5 +++++
 2 files changed, 6 insertions(+)
diff --git a/hiredis_ssl.h b/hiredis_ssl.h
index 26bc9e9..cef8893 100644
--- a/hiredis_ssl.h
+++ b/hiredis_ssl.h
@@ -56,6 +56,7 @@ typedef enum {
 REDIS_SSL_CTX_CERT_KEY_REQUIRED, /* Client cert and key must both be specified or skipped */
 REDIS_SSL_CTX_CA_CERT_LOAD_FAILED, /* Failed to load CA Certificate or CA Path */
 REDIS_SSL_CTX_CLIENT_CERT_LOAD_FAILED, /* Failed to load client certificate */
+ REDIS_SSL_CTX_CLIENT_DEFAULT_CERT_FAILED, /* Failed to set client default certificate directory */
 REDIS_SSL_CTX_PRIVATE_KEY_LOAD_FAILED, /* Failed to load private key */
 REDIS_SSL_CTX_OS_CERTSTORE_OPEN_FAILED, /* Failed to open system certifcate store */
 REDIS_SSL_CTX_OS_CERT_ADD_FAILED /* Failed to add CA certificates obtained from system to the SSL context */
diff --git a/ssl.c b/ssl.c
index a05b898..7d7ff66 100644
--- a/ssl.c
+++ b/ssl.c
@@ -293,6 +293,11 @@ redisSSLContext *redisCreateSSLContextWithOptions(redisSSLOptions *options, redi
 if (error) *error = REDIS_SSL_CTX_CA_CERT_LOAD_FAILED;
 goto error;
 }
+ } else {
+ if (!SSL_CTX_set_default_verify_paths(ctx->ssl_ctx)) {
+ if (error) *error = REDIS_SSL_CTX_CLIENT_DEFAULT_CERT_FAILED;
+ goto error;
+ }
 }
 
 if (cert_filename) {
--
cgit v1.2.3
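Review bot: Adding `REDIS_SSL_CTX_CLIENT_DEFAULT_CERT_FAILED` in the middle of this public enum shifts the values of the three enumerators after it, so a caller built against the old header would misread error codes returned by a newer library. Appending it as the last enumerator keeps the existing values stable. The name and comment speak of a client certificate, but the call that sets this code loads the default CA trust locations, so `/* Failed to load the default CA certificate locations */` would describe it more accurately. The diffstat shows ssl.c gains only the five lines of its own hunk, so any code-to-string mapping for these errors (not visible here) has no entry for the new value.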
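Review bot: In the new `else` branch, a non-zero return from `SSL_CTX_set_default_verify_paths()` does not show that any CA was loaded, because OpenSSL reports success even when the default locations are missing. An empty trust store therefore only surfaces later as a handshake failure, and this branch now decides the trust anchors for every context created without an explicit CA file or path (the `if` condition is outside the hunk). Those default locations can also be redirected through the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables, so a comment such as `/* No CA configured: fall back to OpenSSL's default trust store (honours SSL_CERT_FILE / SSL_CERT_DIR) */` would make the dependency explicit. Whether the peer host name is checked against the certificate is not visible here; if it is not, trusting the system store would accept a certificate issued by any of those CAs for any name, which is worth confirming. The function body starts and continues outside the hunk.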