From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 4 May 2014 21:53:38 +0000 (+0200)
Subject: CURLINFO_SSL_VERIFYRESULT: assign at first connect call
X-Git-Tag: curl-7_37_0~32
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=53a5b95c215860e3c392b011f2645e2bdd70246c;p=curl

CURLINFO_SSL_VERIFYRESULT: assign at first connect call

The variable wasn't assigned at all until step3 which would lead to a
failed connect never assigning the variable and thus returning a bad
value.

Reported-by: Larry Lin
Bug: http://curl.haxx.se/mail/lib-2014-04/0203.html
---

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index d13436d91..68c10678a 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1501,6 +1501,8 @@ ossl_connect_step1(struct connectdata *conn,
   /* Make funny stuff to get random input */
   Curl_ossl_seed(data);
 
+  data->set.ssl.certverifyresult = !X509_V_OK;
+
   /* check to see if we've been told to use an explicit SSL/TLS version */
 
   switch(data->set.ssl.version) {
@@ -2363,8 +2365,6 @@ static CURLcode servercert(struct connectdata *conn,
     /* we've been asked to gather certificate info! */
     (void)get_cert_chain(conn, connssl);
 
-  data->set.ssl.certverifyresult = !X509_V_OK;
-
   connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
   if(!connssl->server_cert) {
     if(strict)