openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
authorHan Han <hhan@thousandeyes.com>
Thu, 16 Aug 2018 19:41:31 +0000 (12:41 -0700)
committerDaniel Stenberg <daniel@haxx.se>
Thu, 6 Sep 2018 06:27:15 +0000 (08:27 +0200)
Failure to extract the issuer name from the server certificate should
return a more specific error code like on other TLS backends.

lib/vtls/openssl.c

index a487f553c90d24c15fd0eb7bfd4a3b85357154b5..ce890fe3c0c55fab977bb517ca5bdbbde99b14e2 100644 (file)
@@ -3210,7 +3210,7 @@ static CURLcode servercert(struct connectdata *conn,
           ossl_strerror(ERR_get_error(), error_buffer,
                         sizeof(error_buffer)) );
     BIO_free(mem);
-    return 0;
+    return CURLE_OUT_OF_MEMORY;
   }
 
   BACKEND->server_cert = SSL_get_peer_certificate(BACKEND->handle);
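Review bot: The hard-coded `CURLE_OUT_OF_MEMORY` on the new return line sits under a `failf` that prints whatever `ERR_get_error()` reports, so the returned code and the logged reason can disagree if the failing call (its condition is above the hunk) can fail for something other than allocation. The replaced `return 0` is numerically `CURLE_OK`, so this path used to leave servercert() reporting success before the peer certificate was fetched on the next visible line, and the commit message does not mention that fix. A comment on the branch would guard against a regression, e.g. `/* never return CURLE_OK here: the peer certificate has not been examined yet */`. The enclosing `if` starts outside the hunk.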
@@ -3257,7 +3257,7 @@ static CURLcode servercert(struct connectdata *conn,
   if(rc) {
     if(strict)
       failf(data, "SSL: couldn't get X509-issuer name!");
-    result = CURLE_SSL_CONNECT_ERROR;
+    result = CURLE_PEER_FAILED_VERIFICATION;
   }
   else {
     infof(data, " issuer: %s\n", buffer);
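Review bot: The new `result = CURLE_PEER_FAILED_VERIFICATION;` is assigned whether or not `strict` is set, while the `failf` above it is gated on `strict`, so a non-strict caller gets no trace that the issuer name could not be read. Whether `result` is cleared again for non-strict callers is decided outside this hunk, so the intent is not readable here. I would state it on the assignment, e.g. `/* set even when !strict; confirm the non-strict path resets result before returning */`, and consider an `infof` in the non-strict case so the condition still shows up in verbose logs. Applications that matched on `CURLE_SSL_CONNECT_ERROR` for this failure will now see a different code, which deserves a line in the changelog.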