Added warning that --capath is not available with PolarSSL

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

2 files changed, 3 insertions, 0 deletions

diff --git a/openvpn.8 b/openvpn.8
index 8e8ea8f..4e3b87b 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -3952,6 +3952,7 @@ they are distributed with OpenVPN, they are totally insecure.
 .B \-\-capath dir
 Directory containing trusted certificates (CAs and CRLs).
 Available with OpenSSL version >= 0.9.7 dev.
+Not available with PolarSSL.
 .\"*********************************************************
 .TP
 .B \-\-dh file
diff --git a/options.c b/options.c
index 68c2a69..635cef2 100644
--- a/options.c
+++ b/options.c
@@ -2281,6 +2281,8 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
 #ifdef USE_POLARSSL
 	  if (!(options->ca_file))
 	    msg(M_USAGE, "You must define CA file (--ca)");
+          if (options->ca_path)
+            msg(M_USAGE, "Parameter --capath cannot be used with the PolarSSL version version of OpenVPN.");
 #else
 	  if ((!(options->ca_file)) && (!(options->ca_path)))
 	    msg(M_USAGE, "You must define CA file (--ca) or CA path (--capath)");