@@ -11,12 +11,16 @@ use self::openssl::ssl::{
1111 SslVerifyMode ,
1212} ;
1313use self :: openssl:: x509:: { store:: X509StoreBuilder , X509VerifyResult , X509 } ;
14+ use self :: openssl_probe:: ProbeResult ;
1415use std:: error;
1516use std:: fmt;
1617use std:: io;
18+ use std:: sync:: LazyLock ;
1719
1820use { Protocol , TlsAcceptorBuilder , TlsConnectorBuilder } ;
1921
22+ static PROBE_RESULT : LazyLock < ProbeResult > = LazyLock :: new ( openssl_probe:: probe) ;
23+
2024#[ cfg( have_min_max_version) ]
2125fn supported_protocols (
2226 min : Option < Protocol > ,
@@ -268,8 +272,17 @@ impl TlsConnector {
268272 pub fn new ( builder : & TlsConnectorBuilder ) -> Result < TlsConnector , Error > {
269273 let mut connector = SslConnector :: builder ( SslMethod :: tls ( ) ) ?;
270274
271- let probe = openssl_probe:: probe ( ) ;
272- connector. load_verify_locations ( probe. cert_file . as_deref ( ) , probe. cert_dir . as_deref ( ) ) ?;
275+ // We need to load these separately so an error on one doesn't prevent the other from loading.
276+ if let Some ( cert_file) = & PROBE_RESULT . cert_file {
277+ if let Err ( e) = connector. load_verify_locations ( Some ( cert_file) , None ) {
278+ debug ! ( "load_verify_locations cert file error: {:?}" , e) ;
279+ }
280+ }
281+ if let Some ( cert_dir) = & PROBE_RESULT . cert_dir {
282+ if let Err ( e) = connector. load_verify_locations ( None , Some ( cert_dir) ) {
283+ debug ! ( "load_verify_locations cert dir error: {:?}" , e) ;
284+ }
285+ }
273286
274287 if let Some ( ref identity) = builder. identity {
275288 connector. set_certificate ( & identity. 0 . cert ) ?;
0 commit comments