diff --git a/CHANGES b/CHANGES
index 97cbdd9fff2058020ee8eed6fb19a1eef80ed378..c3f7f1890bc698fd305d78a3b13214649301ab24 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,11 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Generate an error if given an empty string as a cert directory. Also
+     generate an error if handed NULL (previously returned 0 to indicate an
+     error, but didn't set one).
+     [Ben Laurie, reported by Anonymous <nobody@replay.com>]
+
   *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last.
      [Ben Laurie]
 
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index 11725ec94c6e4e26facd6f8370e1cc72d66cfbe1..ee47582b0007d47babce2f408603b6194b19dbae 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -192,7 +192,11 @@ int type;
 	char *s,*ss,*p;
 	char **pp;
 
-	if (dir == NULL) return(0);
+	if (dir == NULL || !*dir)
+	    {
+	    X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);
+	    return 0;
+	    }
 
 	s=dir;
 	p=s;