From ff0defdc137b770a93eee26ef42950e8acc572bb Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Thu, 22 Jul 2021 23:54:25 +0100
Subject: [PATCH] ITS#6248 fix prev commit tlso_ca_list

Don't quit on first dir failure, try them all before giving up.
---
 libraries/libldap/tls_o.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
index 9c1f019499..283ec4c266 100644
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@@ -172,19 +172,18 @@ tlso_ca_list( char * bundle, char * dir, X509 *cert )
 	}
 	if ( dir ) {
 		char **dirs = ldap_str2charray( dir, CERTPATHSEP );
-		int freeit = 0, i;
+		int freeit = 0, i, success = 0;
 
 		if ( !ca_list ) {
 			ca_list = sk_X509_NAME_new_null();
 			freeit = 1;
 		}
 		for ( i=0; dirs[i]; i++ ) {
-			if ( !SSL_add_dir_cert_subjects_to_stack( ca_list, dir ) &&
-				freeit ) {
-				sk_X509_NAME_free( ca_list );
-				ca_list = NULL;
-				break;
-			}
+			success += SSL_add_dir_cert_subjects_to_stack( ca_list, dir );
+		}
+		if ( !success && freeit ) {
+			sk_X509_NAME_free( ca_list );
+			ca_list = NULL;
 		}
 		ldap_charray_free( dirs );
 	}