From 444307c58a41cc0d70138045fc412f0f81c4b5bf Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Fri, 8 Nov 2024 15:16:40 -0800
Subject: [PATCH] There could be multiple CA paths

---
 web-lib-funcs.pl | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/web-lib-funcs.pl b/web-lib-funcs.pl
index b36b01c7f..9a9b09030 100755
--- a/web-lib-funcs.pl
+++ b/web-lib-funcs.pl
@@ -9107,13 +9107,15 @@ if ($ssl) {
 	if ($certreqs && $certreqs->{'capath'}) {
 		# Require that remote cert be signed by a valid CA
 		$main::last_set_verify_err = undef;
-		if (-d $certreqs->{'capath'}) {
-			Net::SSLeay::CTX_load_verify_locations(
-				$rv->{'ssl_ctx'}, "", $certreqs->{'capath'});
-			}
-		else {
-			Net::SSLeay::CTX_load_verify_locations(
-				$rv->{'ssl_ctx'}, $certreqs->{'capath'}, "");
+		foreach my $capath (split(/\s+/, $certreqs->{'capath'})) {
+			if (-d $capath) {
+				Net::SSLeay::CTX_load_verify_locations(
+					$rv->{'ssl_ctx'}, "", $capath);
+				}
+			else {
+				Net::SSLeay::CTX_load_verify_locations(
+					$rv->{'ssl_ctx'}, $capath, "");
+				}
 			}
 		Net::SSLeay::CTX_set_verify(
 			$rv->{'ssl_ctx'}, &Net::SSLeay::VERIFY_PEER,