Diffstat (limited to 'src/common')
-rw-r--r--src/common/server.c2
-rw-r--r--src/common/ssl.c21
-rw-r--r--src/common/ssl.h2
3 files changed, 12 insertions, 13 deletions
diff --git a/src/common/server.c b/src/common/server.c
index 1825117c..f90ce28f 100644
--- a/src/common/server.c
+++ b/src/common/server.c
@@ -772,7 +772,7 @@ server_connect_success (server *serv)
 
 		/* it'll be a memory leak, if connection isn't terminated by
 		   server_cleanup() */
-		if ((err = _SSL_set_verify (serv->ctx, ssl_cb_verify, NULL)))
+		if ((err = _SSL_set_verify (serv->ctx, ssl_cb_verify)))
 		{
 			EMIT_SIGNAL (XP_TE_CONNFAIL, serv->server_session, err, NULL,
 							 NULL, NULL, 0);
diff --git a/src/common/ssl.c b/src/common/ssl.c
index 0eb78bd7..e7f7e0a8 100644
--- a/src/common/ssl.c
+++ b/src/common/ssl.c
@@ -321,23 +321,22 @@ _SSL_socket (SSL_CTX *ctx, int sd)
 
 
 char *
-_SSL_set_verify (SSL_CTX *ctx, void *verify_callback, char *cacert)
+_SSL_set_verify (SSL_CTX *ctx, void *verify_callback)
 {
-	if (!SSL_CTX_set_default_verify_paths (ctx))
+#ifdef DEFAULT_CERT_FILE
+	if (!SSL_CTX_load_verify_locations (ctx, DEFAULT_CERT_FILE, NULL))
 	{
-		__SSL_fill_err_buf ("SSL_CTX_set_default_verify_paths");
+		__SSL_fill_err_buf ("SSL_CTX_load_verify_locations");
 		return (err_buf);
 	}
-/*
-	if (cacert)
+#else
+	if (!SSL_CTX_set_default_verify_paths (ctx))
 	{
-		if (!SSL_CTX_load_verify_locations (ctx, cacert, NULL))
-		{
-			__SSL_fill_err_buf ("SSL_CTX_load_verify_locations");
-			return (err_buf);
-		}
+		__SSL_fill_err_buf ("SSL_CTX_set_default_verify_paths");
+		return (err_buf);
 	}
-*/
+#endif
+
 	SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER, verify_callback);
 
 	return (NULL);
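Review bot: In the `#ifdef DEFAULT_CERT_FILE` branch of `_SSL_set_verify` the bundle replaces the system trust store rather than adding to it, because `SSL_CTX_set_default_verify_paths` is not called in that build, and nothing in the code says so. Both branches fail closed by returning `err_buf`, but the set of trusted CAs then depends entirely on a path that is presumably set by the build system and is not defined in this hunk. I would add a comment above the `#ifdef`, for example `/* DEFAULT_CERT_FILE: build-time CA bundle; when defined it is the only trust source, so it must be an absolute path that unprivileged users cannot write */`. The function's closing brace lies outside the hunk.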
diff --git a/src/common/ssl.h b/src/common/ssl.h
index e722f831..bea2f440 100644
--- a/src/common/ssl.h
+++ b/src/common/ssl.h
@@ -45,7 +45,7 @@ SSL_CTX *_SSL_context_init (void (*info_cb_func));
 #define _SSL_context_free(a)	SSL_CTX_free(a);
 
 SSL *_SSL_socket (SSL_CTX *ctx, int sd);
-char *_SSL_set_verify (SSL_CTX *ctx, void *(verify_callback), char *cacert);
+char *_SSL_set_verify (SSL_CTX *ctx, void *(verify_callback));
 /*
     int SSL_connect(SSL *);
     int SSL_accept(SSL *);
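Review bot: The new prototype still takes the callback as `void *(verify_callback)`, which is a plain `void *` parameter, so the compiler cannot check that the function handed on to `SSL_CTX_set_verify` has the signature OpenSSL expects. Converting between `void *` and a function pointer is also not guaranteed by ISO C. Since the signature is being changed here anyway, consider `char *_SSL_set_verify (SSL_CTX *ctx, int (*verify_callback) (int, X509_STORE_CTX *));` with the matching change to the definition in ssl.c. This assumes the OpenSSL header declaring `X509_STORE_CTX` is visible in ssl.h, which the hunk does not show.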