diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
index 1b63bfb7cf..b1893a3c43 100644
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@@ -257,10 +257,16 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
 return -1;
 }
 
- if (lo->ldo_tls_cacertfile != NULL || lo->ldo_tls_cacertdir != NULL) {
+ if ( lo->ldo_tls_cacertfile == NULL && lo->ldo_tls_cacertdir == NULL ) {
+ if ( !SSL_CTX_set_default_verify_paths( ctx ) ) {
+ Debug( LDAP_DEBUG_ANY, "TLS: "
+ "could not use default certificate paths", 0, 0, 0 );
+ tlso_report_error();
+ return -1;
+ }
+ } else {
 if ( !SSL_CTX_load_verify_locations( ctx,
- lt->lt_cacertfile, lt->lt_cacertdir ) ||
- !SSL_CTX_set_default_verify_paths( ctx ) )
+ lt->lt_cacertfile, lt->lt_cacertdir ) )
 {
 Debug( LDAP_DEBUG_ANY, "TLS: "
 "could not load verify locations (file:`%s',dir:`%s').\n",
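Review bot: The new fallback to `SSL_CTX_set_default_verify_paths( ctx )` runs for both roles, so a server context with no CA file or directory configured now trusts every CA in the system store, where the old code loaded no trust anchors in that case. If client-certificate verification is enabled elsewhere (not visible in this hunk), any certificate chaining to a system-trusted CA would then verify; consider limiting the fallback to clients with `if ( !is_server && !SSL_CTX_set_default_verify_paths( ctx ) ) {`, or documenting the new default in a comment on that branch. The added Debug string also lacks the trailing `.\n` that the neighbouring "could not load verify locations" message carries. tlso_ctx_init starts and ends outside the hunk, so how the verify mode is set afterwards needs to be checked there.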