Restored the SSL error codes since they was broken in the 7.10.4 release,

also now attempt to detect and return the specific CACERT error code.

lib/ssluse.c

@@ -900,9 +900,24 @@ Curl_SSLConnect(struct connectdata *conn)
         /* untreated error */
         char error_buffer[120]; /* OpenSSL documents that this must be at least
                                    120 bytes long. */
+
+        detail = ERR_get_error(); /* Gets the earliest error code from the
+                                     thread's error queue and removes the
+                                     entry. */
+
+        
+        if(0x14090086 == detail) {
+          /* 14090086:
+             SSL routines:
+             SSL3_GET_SERVER_CERTIFICATE:
+             certificate verify failed */
+          failf(data,
+                "SSL certificate problem, verify that the CA cert is OK");
+          return CURLE_SSL_CACERT;
+        }
+        else {
           /* detail is already set to the SSL error above */
           failf(data, "SSL: %s", ERR_error_string(detail, error_buffer));
-
           /* OpenSSL 0.9.6 and later has a function named
              ERRO_error_string_n() that takes the size of the buffer as a third
              argument, and we should possibly switch to using that one in the
@@ -910,6 +925,7 @@ Curl_SSLConnect(struct connectdata *conn)
           return CURLE_SSL_CONNECT_ERROR;
         }
       }
+    }
     else
       /* we have been connected fine, get out of the connect loop */
       break;