From 21873b52e94ba2f08f2337756cd0c52a326a0559 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Mon, 14 Apr 2003 12:53:29 +0000
Subject: [PATCH] Restored the SSL error codes since they was broken in the 7.10.4 release, also now attempt to detect and return the specific CACERT error code.
---
 lib/ssluse.c | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 89fca51bf..c374d7905 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -900,14 +900,30 @@ Curl_SSLConnect(struct connectdata *conn)
 /* untreated error */
 char error_buffer[120]; /* OpenSSL documents that this must be at least 120 bytes long. */
- /* detail is already set to the SSL error above */
- failf(data, "SSL: %s", ERR_error_string(detail, error_buffer));
- /* OpenSSL 0.9.6 and later has a function named
- ERRO_error_string_n() that takes the size of the buffer as a third
- argument, and we should possibly switch to using that one in the
- future. */
- return CURLE_SSL_CONNECT_ERROR;
+ detail = ERR_get_error(); /* Gets the earliest error code from the
+ thread's error queue and removes the
+ entry. */
+
+
+ if(0x14090086 == detail) {
+ /* 14090086:
+ SSL routines:
+ SSL3_GET_SERVER_CERTIFICATE:
+ certificate verify failed */
+ failf(data,
+ "SSL certificate problem, verify that the CA cert is OK");
+ return CURLE_SSL_CACERT;
+ }
+ else {
+ /* detail is already set to the SSL error above */
+ failf(data, "SSL: %s", ERR_error_string(detail, error_buffer));
+ /* OpenSSL 0.9.6 and later has a function named
+ ERRO_error_string_n() that takes the size of the buffer as a third
+ argument, and we should possibly switch to using that one in the
+ future. */
+ return CURLE_SSL_CONNECT_ERROR;
+ }
 }
 }
 else
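Review bot: The comparison `if(0x14090086 == detail)` matches a single packed OpenSSL error value that encodes library, function (SSL3_GET_SERVER_CERTIFICATE, per the comment) and reason together, so a certificate verify failure reported from any other function falls into the else branch and comes back as the generic CURLE_SSL_CONNECT_ERROR. Matching on library and reason is less brittle: `if(ERR_GET_LIB(detail) == ERR_LIB_SSL && ERR_GET_REASON(detail) == SSL_R_CERTIFICATE_VERIFY_FAILED) {`. ERR_get_error() returns unsigned long and pops only the earliest queue entry; the declaration of `detail` is outside the hunk, so its type should be confirmed, and the carried-over comment "detail is already set to the SSL error above" now describes the value assigned a few lines earlier rather than the one set before this block. Curl_SSLConnect starts and ends outside this hunk.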