CURLE_TLSAUTH_FAILED: removed

On second thought, I think CURLE_TLSAUTH_FAILED should be eliminated. It was only being raised when an internal error occurred while allocating or setting the GnuTLS SRP client credentials struct. For TLS authentication failures, the general CURLE_SSL_CONNECT_ERROR seems appropriate; its error string already includes "passwords" as a possible cause. Having a separate TLS auth error code might also cause people to think that a TLS auth failure means the wrong username or password was entered, when it could also be a sign of a man-in-the-middle attack.
2024-12-21 23:58:49 -05:00 · 2011-02-09 23:34:30 +01:00 · 2011-02-09 23:34:30 +01:00 · 3cffcba3d0
commit 3cffcba3d0
parent ae7fe3b7f4
4 changed files with 2 additions and 7 deletions
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@ -123,7 +123,6 @@ CURLE_TFTP_NOSUCHUSER           7.15.0
 CURLE_TFTP_NOTFOUND             7.15.0
 CURLE_TFTP_PERM                 7.15.0
 CURLE_TFTP_UNKNOWNID            7.15.0
-CURLE_TLSAUTH_FAILED            7.21.4
 CURLE_TOO_MANY_REDIRECTS        7.5
 CURLE_UNKNOWN_TELNET_OPTION     7.7
 CURLE_UNSUPPORTED_PROTOCOL      7.1
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@ -502,7 +502,6 @@ typedef enum {
  CURLE_RTSP_SESSION_ERROR,      /* 86 - mismatch of RTSP Session Identifiers */
  CURLE_FTP_BAD_FILE_LIST,       /* 87 - unable to parse FTP file list */
  CURLE_CHUNK_FAILED,            /* 88 - chunk callback reported error */
-  CURLE_TLSAUTH_FAILED,          /* 89 - Failed TLS authentication */

  CURL_LAST /* never use! */
 } CURLcode;
--- a/lib/gtls.c
+++ b/lib/gtls.c
@ -354,7 +354,7 @@ gtls_connect_step1(struct connectdata *conn,
    if(rc != GNUTLS_E_SUCCESS) {
      failf(data, "gnutls_srp_allocate_client_cred() failed: %s",
            gnutls_strerror(rc));
-      return CURLE_TLSAUTH_FAILED;
+      return CURLE_OUT_OF_MEMORY;
    }

    rc = gnutls_srp_set_client_credentials(conn->ssl[sockindex].srp_client_cred,
@ -363,7 +363,7 @@ gtls_connect_step1(struct connectdata *conn,
    if(rc != GNUTLS_E_SUCCESS) {
      failf(data, "gnutls_srp_set_client_cred() failed: %s",
            gnutls_strerror(rc));
-      return CURLE_TLSAUTH_FAILED;
+      return CURLE_BAD_FUNCTION_ARGUMENT;
    }
  }
 #endif
--- a/lib/strerror.c
+++ b/lib/strerror.c
@ -281,9 +281,6 @@ curl_easy_strerror(CURLcode error)
  case CURLE_CHUNK_FAILED:
    return "Chunk callback failed";

-  case CURLE_TLSAUTH_FAILED:
-    return "TLS Authentication failed";
-
    /* error codes not used by current libcurl */
  case CURLE_OBSOLETE4:
  case CURLE_OBSOLETE10: