Index: generic/tls.c ================================================================== --- generic/tls.c +++ generic/tls.c @@ -2061,11 +2061,15 @@ if (CApath != NULL || CAfile != NULL) { Tcl_DString ds1; Tcl_DStringInit(&ds1); if (!SSL_CTX_load_verify_locations(ctx, F2N(CAfile, &ds), F2N(CApath, &ds1))) { - abort++; + Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL); + SSL_CTX_free(ctx); + Tcl_DStringFree(&ds); + Tcl_DStringFree(&ds1); + return NULL; } Tcl_DStringFree(&ds); Tcl_DStringFree(&ds1); /* Set list of CAs to send to client when requesting a client certificate */ @@ -2077,30 +2081,39 @@ } Tcl_DStringFree(&ds); } #else - /* Directory containing CA certificates in PEM format. */ + /* Set directory containing CA certificates in PEM format. */ if (CApath != NULL) { if (!SSL_CTX_load_verify_dir(ctx, F2N(CApath, &ds))) { - abort++; + Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL); + SSL_CTX_free(ctx); + Tcl_DStringFree(&ds); + return NULL; } Tcl_DStringFree(&ds); } - /* URI for to a store, which may be a single container or a catalog of containers. */ + /* Set URI for to a store, which may be a single container or a catalog of containers. */ if (CAstore != NULL) { if (!SSL_CTX_load_verify_store(ctx, F2N(CAstore, &ds))) { - abort++; + Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL); + SSL_CTX_free(ctx); + Tcl_DStringFree(&ds); + return NULL; } Tcl_DStringFree(&ds); } - /* File of CA certificates in PEM format. */ + /* Set file of CA certificates in PEM format. */ if (CAfile != NULL) { if (!SSL_CTX_load_verify_file(ctx, F2N(CAfile, &ds))) { - abort++; + Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL); + SSL_CTX_free(ctx); + Tcl_DStringFree(&ds); + return NULL; } Tcl_DStringFree(&ds); /* Set list of CAs to send to client when requesting a client certificate */ STACK_OF(X509_NAME) *certNames = SSL_load_client_CA_file(F2N(CAfile, &ds));