Setting a new WOLFSSL_X509_STORE is not necessary when calling wolfSSL_CTX_load_verify_locations(). Signed-off-by: Juliusz Sosinowicz <juliusz@xxxxxxxxxxx> --- src/crypto/tls_wolfssl.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c index 4016b6a46b..f126c37479 100644 --- a/src/crypto/tls_wolfssl.c +++ b/src/crypto/tls_wolfssl.c @@ -1383,15 +1383,8 @@ static int tls_connection_ca_cert(void *tls_ctx, struct tls_connection *conn, } if (ca_cert || ca_path) { - WOLFSSL_X509_STORE *cm = wolfSSL_X509_STORE_new(); - - if (!cm) { - wpa_printf(MSG_INFO, - "SSL: failed to create certificate store"); - return -1; - } - wolfSSL_CTX_set_cert_store(ctx, cm); - + wpa_printf(MSG_DEBUG, "SSL: loading CA's from '%s' and '%s'", + ca_cert ? ca_cert : "N/A", ca_path ? ca_path : "N/A"); if (wolfSSL_CTX_load_verify_locations(ctx, ca_cert, ca_path) != SSL_SUCCESS) { wpa_printf(MSG_INFO, @@ -1408,6 +1401,7 @@ static int tls_connection_ca_cert(void *tls_ctx, struct tls_connection *conn, return -1; } } + wpa_printf(MSG_DEBUG, "SSL: Loaded ca_cert or ca_path"); return 0; } -- 2.34.1 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap