Do not display a CT log error message if CT validation is disabled
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
diff --git a/apps/s_client.c b/apps/s_client.c
index 25f5148..cf238c7 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1670,8 +1670,18 @@
}
if (!ctx_set_ctlog_list_file(ctx, ctlog_file)) {
- ERR_print_errors(bio_err);
- goto end;
+ if (ct_validation != NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ /*
+ * If CT validation is not enabled, the log list isn't needed so don't
+ * show errors or abort. We try to load it regardless because then we
+ * can show the names of the logs any SCTs came from (SCTs may be seen
+ * even with validation disabled).
+ */
+ ERR_clear_error();
}
#endif
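Review bot: The non-validating path that ends in `ERR_clear_error()` discards the load failure even when the user named a log list file, so a mistyped or unreadable path only shows up as missing SCT log names in the output. If `ctlog_file` is NULL only when the default list is in use (its assignment is outside this hunk, so confirm), keep the quiet path for the default and still report the explicit case, e.g. `if (ct_validation != NULL || ctlog_file != NULL) {`, or print a one-line warning to `bio_err` before clearing. `ERR_clear_error()` also empties the whole error queue rather than only the entries from this call, which is safe only if nothing earlier is still pending at this point. The enclosing function and the conditional-compilation block closed by `#endif` both start outside the hunk.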