From: Andrej E Baranov <admin@andrej-andb.ru>
Date: Sat, 12 Oct 2013 23:02:03 +0000 (+0200)
Subject: OpenSSL: use failf() when subjectAltName mismatches
X-Git-Tag: curl-7_33_0~3
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=39beaa5ffbccd5b36ae576d32cab2ba0ed3901de;p=curl

OpenSSL: use failf() when subjectAltName mismatches

Write to CURLOPT_ERRORBUFFER information about mismatch alternative
certificate subject names.

Signed-off-by: Andrej E Baranov <admin@andrej-andb.ru>
---

diff --git a/lib/ssluse.c b/lib/ssluse.c
index 9974ac85e..ef0c88205 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1192,6 +1192,8 @@ static CURLcode verifyhost(struct connectdata *conn,
     /* an alternative name field existed, but didn't match and then
        we MUST fail */
     infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname);
+    failf(data, "SSL: alternative certificate subject names does not match "
+            "target host name '%s'", conn->host.dispname);
     res = CURLE_PEER_FAILED_VERIFICATION;
   }
   else {