Restored the SSL error codes since they was broken in the 7.10.4 release,

also now attempt to detect and return the specific CACERT error code.
2024-12-21 23:58:49 -05:00 · 2003-04-14 12:53:29 +00:00 · 2003-04-14 12:53:29 +00:00 · 21873b52e9
commit 21873b52e9
parent 0aa8b82871
1 changed files with 23 additions and 7 deletions
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@ -900,14 +900,30 @@ Curl_SSLConnect(struct connectdata *conn)
        /* untreated error */
        char error_buffer[120]; /* OpenSSL documents that this must be at least
                                   120 bytes long. */
-        /* detail is already set to the SSL error above */
-        failf(data, "SSL: %s", ERR_error_string(detail, error_buffer));

-        /* OpenSSL 0.9.6 and later has a function named
-           ERRO_error_string_n() that takes the size of the buffer as a third
-           argument, and we should possibly switch to using that one in the
-           future. */
-        return CURLE_SSL_CONNECT_ERROR;
+        detail = ERR_get_error(); /* Gets the earliest error code from the
+                                     thread's error queue and removes the
+                                     entry. */
+
+        
+        if(0x14090086 == detail) {
+          /* 14090086:
+             SSL routines:
+             SSL3_GET_SERVER_CERTIFICATE:
+             certificate verify failed */
+          failf(data,
+                "SSL certificate problem, verify that the CA cert is OK");
+          return CURLE_SSL_CACERT;
+        }
+        else {
+          /* detail is already set to the SSL error above */
+          failf(data, "SSL: %s", ERR_error_string(detail, error_buffer));
+          /* OpenSSL 0.9.6 and later has a function named
+             ERRO_error_string_n() that takes the size of the buffer as a third
+             argument, and we should possibly switch to using that one in the
+             future. */
+          return CURLE_SSL_CONNECT_ERROR;
+        }
      }
    }
    else