From: Han Han <hhan@thousandeyes.com>
Date: Mon, 20 Aug 2018 22:10:40 +0000 (-0700)
Subject: x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
X-Git-Tag: curl-7_62_0~226
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0029aabc5620563a840ea13b313f29ea2a9b395e;p=curl

x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert

CURLE_PEER_FAILED_VERIFICATION makes more sense because Curl_parseX509
does not allocate memory internally as its first argument is a pointer
to the certificate structure. The same error code is also returned by
Curl_verifyhost when its call to Curl_parseX509 fails so the change
makes error handling more consistent.
---

diff --git a/lib/x509asn1.c b/lib/x509asn1.c
index 72a0b4a00..fc51e02f4 100644
--- a/lib/x509asn1.c
+++ b/lib/x509asn1.c
@@ -896,7 +896,7 @@ CURLcode Curl_extract_certinfo(struct connectdata *conn,
 
   /* Extract the certificate ASN.1 elements. */
   if(Curl_parseX509(&cert, beg, end))
-    return CURLE_OUT_OF_MEMORY;
+    return CURLE_PEER_FAILED_VERIFICATION;
 
   /* Subject. */
   ccp = DNtostr(&cert.subject);