From ef878ea895b52082c1c490a4f4e604e5e29fb58b Mon Sep 17 00:00:00 2001
From: dmiller
Date: Sun, 31 May 2015 12:14:04 +0000
Subject: [PATCH] Notify in -v mode if SSL verification fails, even if --ssl-verify was not requested. Fixes #30
---
 ncat/ncat_connect.c | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c
index f20554cda..cde82772c 100644
--- a/ncat/ncat_connect.c
+++ b/ncat/ncat_connect.c
@@ -210,20 +210,22 @@ static int verify_callback(int ok, X509_STORE_CTX *store)
 
 static void set_ssl_ctx_options(SSL_CTX *ctx)
 {
+ if (o.ssltrustfile == NULL) {
+ ssl_load_default_ca_certs(ctx);
+ } else {
+ if (o.debug)
+ logdebug("Using trusted CA certificates from %s.\n", o.ssltrustfile);
+ if (SSL_CTX_load_verify_locations(ctx, o.ssltrustfile, NULL) != 1) {
+ bye("Could not load trusted certificates from %s.\n%s",
+ o.ssltrustfile, ERR_error_string(ERR_get_error(), NULL));
+ }
+ }
+
 if (o.sslverify) {
 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
-
- if (o.ssltrustfile == NULL) {
- ssl_load_default_ca_certs(ctx);
- } else {
- if (o.debug)
- logdebug("Using trusted CA certificates from %s.\n", o.ssltrustfile);
- if (SSL_CTX_load_verify_locations(ctx, o.ssltrustfile, NULL) != 1) {
- bye("Could not load trusted certificates from %s.\n%s",
- o.ssltrustfile, ERR_error_string(ERR_get_error(), NULL));
- }
- }
 } else {
+ /* Still check verification status and report it */
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
 if (o.ssl && o.debug)
 logdebug("Not doing certificate verification.\n");
 }
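Review bot: The new `else` branch registers `verify_callback` under `SSL_VERIFY_NONE`, where OpenSSL continues a client handshake whatever the callback returns, so a failed check is reported but never enforced; the comment should say that explicitly, e.g. `/* Advisory only: with SSL_VERIFY_NONE the handshake continues even if verify_callback reports a failure. */`. The debug text `Not doing certificate verification.` is now misleading for the same reason, since the chain is checked and only enforcement is skipped. Moving the trust-store block above `if (o.sslverify)` also makes the `bye()` on a failed `SSL_CTX_load_verify_locations` reachable without verification. That would abort sessions that used to proceed, if option parsing outside this hunk allows `o.ssltrustfile` without `o.sslverify`. The body of set_ssl_ctx_options continues past the end of the hunk.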