Index: qpid-proton-0.31.0/c/src/ssl/openssl.c =================================================================== --- qpid-proton-0.31.0.orig/c/src/ssl/openssl.c 2020-06-03 18:25:09.020577060 +0200 +++ qpid-proton-0.31.0/c/src/ssl/openssl.c 2020-06-03 18:26:10.217016007 +0200 @@ -702,7 +702,7 @@ int pn_ssl_domain_set_trusted_ca_db(pn_s if (!domain) return -1; // certificates can be either a file or a directory, which determines how it is passed - // to SSL_CTX_load_verify_locations() + // to SSL_CTX_load_verify_*() struct stat sbuf; if (stat( certificate_db, &sbuf ) != 0) { ssl_log(NULL, PN_LEVEL_ERROR, "stat(%s) failed: %s", certificate_db, strerror(errno)); @@ -719,10 +719,24 @@ int pn_ssl_domain_set_trusted_ca_db(pn_s file = certificate_db; } +#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3 + if (dir) { + if (SSL_CTX_load_verify_dir( domain->ctx, dir ) != 1) { + ssl_log_error("SSL_CTX_load_verify_dir( %s ) failed", certificate_db); + return -1; + } + } else { + if (SSL_CTX_load_verify_file( domain->ctx, file ) != 1) { + ssl_log_error("SSL_CTX_load_verify_file( %s ) failed", certificate_db); + return -1; + } + } +#else if (SSL_CTX_load_verify_locations( domain->ctx, file, dir ) != 1) { ssl_log_error("SSL_CTX_load_verify_locations( %s ) failed", certificate_db); return -1; } +#endif return 0; }