===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/s_client.c,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- src/usr.bin/openssl/s_client.c	2015/12/01 12:01:56	1.27
+++ src/usr.bin/openssl/s_client.c	2016/06/21 03:56:43	1.28
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.27 2015/12/01 12:01:56 jca Exp $ */
+/* $OpenBSD: s_client.c,v 1.28 2016/06/21 03:56:43 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -728,15 +728,13 @@
 	if (!set_cert_key_stuff(ctx, cert, key))
 		goto end;
 
-	if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
-	    (!SSL_CTX_set_default_verify_paths(ctx))) {
-		/*
-		 * BIO_printf(bio_err,"error setting default verify
-		 * locations\n");
-		 */
+	if ((CAfile || CApath)
+	    && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath))
 		ERR_print_errors(bio_err);
-		/* goto end; */
-	}
+
+	if (!SSL_CTX_set_default_verify_paths(ctx))
+		ERR_print_errors(bio_err);
+
 	if (servername != NULL) {
 		tlsextcbp.biodebug = bio_err;
 		SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);