Refuse to accept both --cafile and --capath.

Prior to this commit, the code accepts both the --cafile and the --capath options, as that's how it's always behaved. This patch corrects that, refusing to proceed if the options are provided. Technically, openssl permits the use of both the -CAfile and -CApath options. However, cipherscan itself can only make use of one of the two options, and does not currently support "one or both" scenarios. So this patch ensures that users are not caught unaware when they specify --capath and --cafile and the script refuses to honor the latter.
2024-11-22 06:13:42 +01:00 · 2015-09-05 00:34:24 -07:00 · 2015-09-05 00:34:24 -07:00 · 5dc692566a
commit 5dc692566a
parent e35a6155bc
1 changed files with 5 additions and 0 deletions
--- a/5
+++ b/5
@ -1340,6 +1340,11 @@ do
    esac
 done

+if [[ -n $CAPATH && -n $CACERTS ]]; then
+    echo "Both directory and file with CA certificates specified" 1>&2
+    exit 1
+fi
+
 # echo parameters left: $@

 TEMPTARGET=$(sed -e 's/^.* //'<<<"${@}")