
don't bail out just because the ca file has a problem, it might be OK

Daniel Stenberg 2005-04-13 12:38:01 +00:00
parent d7b11d4c33
commit 316adac511


@ -145,28 +145,18 @@ Curl_gtls_connect(struct connectdata *conn,
/* allocate a cred struct */ /* allocate a cred struct */
rc = gnutls_certificate_allocate_credentials(&conn->ssl[sockindex].cred); rc = gnutls_certificate_allocate_credentials(&conn->ssl[sockindex].cred);
if(rc < 0) { if(rc < 0) {
failf(data, "gnutls_cert_all_cred() failed: %d", rc); failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc));
return CURLE_SSL_CONNECT_ERROR; return CURLE_SSL_CONNECT_ERROR;
} }
if(data->set.ssl.CAfile) { if(data->set.ssl.CAfile) {
/* set the trusted CA cert bundle file */ /* set the trusted CA cert bundle file */
/*
* Unfortunately, if a file name is set here and this function fails for
* whatever reason (missing file, bad file, etc), gnutls will no longer
* handshake properly but it just loops forever. Therefore, we must return
* error here if we get an error when setting the CA cert file name.
*
* (Question/report posted to the help-gnutls mailing list, April 8 2005)
*/
rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred, rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
data->set.ssl.CAfile, data->set.ssl.CAfile,
GNUTLS_X509_FMT_PEM); GNUTLS_X509_FMT_PEM);
if(rc) { if(rc) {
failf(data, "error reading the ca cert file %s", infof(data, "error reading ca cert file %s (%s)",
data->set.ssl.CAfile); data->set.ssl.CAfile, gnutls_strerror(rc));
return CURLE_SSL_CACERT;
} }
} }
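Review bot: In the `if(rc)` branch after `gnutls_certificate_set_x509_trust_file()`, a CA bundle that cannot be loaded is now only reported through `infof()`, so the handshake goes ahead with whatever trust anchors the credential struct holds, possibly none. That is acceptable when peer verification is disabled, but when the caller asked for verification the failure should stay fatal, for example `if(data->set.ssl.verifypeer) return CURLE_SSL_CACERT;` right after the `infof()` call. Whether a later verification step in Curl_gtls_connect already rejects the peer in that case cannot be seen here, because the function continues outside the hunk. The commit also drops the comment about gnutls looping forever after a failed trust-file load; a short replacement such as `/* non-fatal here: the peer verification step decides whether a missing CA bundle matters */` would record why the error is now ignored.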