From 07fd7871b38cc8472c3806e254ba4062e3adeae0 Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Thu, 4 May 2017 18:19:13 +0200 Subject: [PATCH] schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOT --- lib/vtls/schannel.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c index d20f30d89..94603018b 100644 --- a/lib/vtls/schannel.c +++ b/lib/vtls/schannel.c @@ -630,7 +630,8 @@ schannel_connect_step2(struct connectdata *conn, int sockindex) else failf(data, "schannel: next InitializeSecurityContext failed: %s", Curl_sspi_strerror(conn, sspi_status)); - return CURLE_SSL_CONNECT_ERROR; + return sspi_status == SEC_E_UNTRUSTED_ROOT ? + CURLE_SSL_CACERT_BADFILE : CURLE_SSL_CONNECT_ERROR; } /* check if there was additional remaining encrypted data */