1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00

Armel Asselin separated CA cert verification problems from problems with

reading the (local) CA cert file to let users easier pinpoint the actual
problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.
This commit is contained in:
Daniel Stenberg 2006-10-21 11:32:05 +00:00
parent 33acd6f041
commit 4e717cdb30
8 changed files with 22 additions and 6 deletions

View File

@ -6,6 +6,11 @@
Changelog
Daniel (21 October 2006)
- Armel Asselin separated CA cert verification problems from problems with
reading the (local) CA cert file to let users easier pinpoint the actual
problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.
Daniel (18 October 2006)
- Removed the "protocol-guessing" for URLs with host names starting with FTPS
or TELNET since they are practically non-existant. This leaves us with only

View File

@ -10,7 +10,8 @@ Curl and libcurl 7.16.0
Number of contributors: 515
This release includes the following changes:
o Added CURLE_SSL_CACERT_BADFILE
o Added CURLMOPT_TIMERFUNCTION
o The CURLOPT_SOURCE_* options are removed and so are the --3p* command line
options

View File

@ -174,7 +174,7 @@ problem with the local client certificate
.IP "CURLE_SSL_CIPHER (59)"
couldn't use specified cipher
.IP "CURLE_SSL_CACERT (60)"
problem with the CA cert (path? access rights?)
peer certificate cannot be authenticated with known CA certificates
.IP "CURLE_BAD_CONTENT_ENCODING (61)"
Unrecognized transfer encoding
.IP "CURLE_LDAP_INVALID_URL (62)"
@ -208,6 +208,8 @@ No such TFTP user
Character conversion failed
.IP "CURLE_CONV_REQD (76)"
Caller must register conversion callbacks
.IP "CURLE_SSL_CACERT_BADFILE (77)"
Problem with reading the SSL CA cert (path? access rights?)
.SH "CURLMcode"
This is the generic return code used by functions in the libcurl multi
interface. Also consider \fIcurl_multi_strerror(3)\fP.

View File

@ -390,6 +390,8 @@ typedef enum {
CURLOPT_CONV_FROM_NETWORK_FUNCTION,
CURLOPT_CONV_TO_NETWORK_FUNCTION, and
CURLOPT_CONV_FROM_UTF8_FUNCTION */
CURLE_SSL_CACERT_BADFILE, /* 77 - could not load CACERT file, missing
or wrong format */
CURL_LAST /* never use! */
} CURLcode;

View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -234,9 +234,12 @@ Curl_gtls_connect(struct connectdata *conn,
rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
data->set.ssl.CAfile,
GNUTLS_X509_FMT_PEM);
if(rc < 0)
if(rc < 0) {
infof(data, "error reading ca cert file %s (%s)\n",
data->set.ssl.CAfile, gnutls_strerror(rc));
if (data->set.ssl.verifypeer)
return CURLE_SSL_CACERT_BADFILE;
}
else
infof(data, "found %d certificates in %s\n",
rc, data->set.ssl.CAfile);

View File

@ -1272,7 +1272,7 @@ Curl_ossl_connect_step1(struct connectdata *conn,
" CAfile: %s\n CApath: %s\n",
data->set.ssl.CAfile ? data->set.ssl.CAfile : "none",
data->set.ssl.CApath ? data->set.ssl.CApath : "none");
return CURLE_SSL_CACERT;
return CURLE_SSL_CACERT_BADFILE;
}
else {
/* Just continue with a warning if no strict certificate verification

View File

@ -227,6 +227,9 @@ curl_easy_strerror(CURLcode error)
return "couldn't use specified SSL cipher";
case CURLE_SSL_CACERT:
return "peer certificate cannot be authenticated with known CA certificates";
case CURLE_SSL_CACERT_BADFILE:
return "problem with the SSL CA cert (path? access rights?)";
case CURLE_BAD_CONTENT_ENCODING:

View File

@ -28,6 +28,6 @@ https://%HOSTIP:%HTTPSPORT/want/305 --cacert moooo
<protocol>
</protocol>
<errorcode>
60
77
</errorcode>
</verify>