mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 23:58:49 -05:00
Armel Asselin separated CA cert verification problems from problems with
reading the (local) CA cert file to let users easier pinpoint the actual problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.
This commit is contained in:
parent
33acd6f041
commit
4e717cdb30
5
CHANGES
5
CHANGES
@ -6,6 +6,11 @@
|
||||
|
||||
Changelog
|
||||
|
||||
Daniel (21 October 2006)
|
||||
- Armel Asselin separated CA cert verification problems from problems with
|
||||
reading the (local) CA cert file to let users easier pinpoint the actual
|
||||
problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.
|
||||
|
||||
Daniel (18 October 2006)
|
||||
- Removed the "protocol-guessing" for URLs with host names starting with FTPS
|
||||
or TELNET since they are practically non-existant. This leaves us with only
|
||||
|
@ -10,7 +10,8 @@ Curl and libcurl 7.16.0
|
||||
Number of contributors: 515
|
||||
|
||||
This release includes the following changes:
|
||||
|
||||
|
||||
o Added CURLE_SSL_CACERT_BADFILE
|
||||
o Added CURLMOPT_TIMERFUNCTION
|
||||
o The CURLOPT_SOURCE_* options are removed and so are the --3p* command line
|
||||
options
|
||||
|
@ -174,7 +174,7 @@ problem with the local client certificate
|
||||
.IP "CURLE_SSL_CIPHER (59)"
|
||||
couldn't use specified cipher
|
||||
.IP "CURLE_SSL_CACERT (60)"
|
||||
problem with the CA cert (path? access rights?)
|
||||
peer certificate cannot be authenticated with known CA certificates
|
||||
.IP "CURLE_BAD_CONTENT_ENCODING (61)"
|
||||
Unrecognized transfer encoding
|
||||
.IP "CURLE_LDAP_INVALID_URL (62)"
|
||||
@ -208,6 +208,8 @@ No such TFTP user
|
||||
Character conversion failed
|
||||
.IP "CURLE_CONV_REQD (76)"
|
||||
Caller must register conversion callbacks
|
||||
.IP "CURLE_SSL_CACERT_BADFILE (77)"
|
||||
Problem with reading the SSL CA cert (path? access rights?)
|
||||
.SH "CURLMcode"
|
||||
This is the generic return code used by functions in the libcurl multi
|
||||
interface. Also consider \fIcurl_multi_strerror(3)\fP.
|
||||
|
@ -390,6 +390,8 @@ typedef enum {
|
||||
CURLOPT_CONV_FROM_NETWORK_FUNCTION,
|
||||
CURLOPT_CONV_TO_NETWORK_FUNCTION, and
|
||||
CURLOPT_CONV_FROM_UTF8_FUNCTION */
|
||||
CURLE_SSL_CACERT_BADFILE, /* 77 - could not load CACERT file, missing
|
||||
or wrong format */
|
||||
CURL_LAST /* never use! */
|
||||
} CURLcode;
|
||||
|
||||
|
@ -5,7 +5,7 @@
|
||||
* | (__| |_| | _ <| |___
|
||||
* \___|\___/|_| \_\_____|
|
||||
*
|
||||
* Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
* Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||
*
|
||||
* This software is licensed as described in the file COPYING, which
|
||||
* you should have received as part of this distribution. The terms
|
||||
@ -234,9 +234,12 @@ Curl_gtls_connect(struct connectdata *conn,
|
||||
rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
|
||||
data->set.ssl.CAfile,
|
||||
GNUTLS_X509_FMT_PEM);
|
||||
if(rc < 0)
|
||||
if(rc < 0) {
|
||||
infof(data, "error reading ca cert file %s (%s)\n",
|
||||
data->set.ssl.CAfile, gnutls_strerror(rc));
|
||||
if (data->set.ssl.verifypeer)
|
||||
return CURLE_SSL_CACERT_BADFILE;
|
||||
}
|
||||
else
|
||||
infof(data, "found %d certificates in %s\n",
|
||||
rc, data->set.ssl.CAfile);
|
||||
|
@ -1272,7 +1272,7 @@ Curl_ossl_connect_step1(struct connectdata *conn,
|
||||
" CAfile: %s\n CApath: %s\n",
|
||||
data->set.ssl.CAfile ? data->set.ssl.CAfile : "none",
|
||||
data->set.ssl.CApath ? data->set.ssl.CApath : "none");
|
||||
return CURLE_SSL_CACERT;
|
||||
return CURLE_SSL_CACERT_BADFILE;
|
||||
}
|
||||
else {
|
||||
/* Just continue with a warning if no strict certificate verification
|
||||
|
@ -227,6 +227,9 @@ curl_easy_strerror(CURLcode error)
|
||||
return "couldn't use specified SSL cipher";
|
||||
|
||||
case CURLE_SSL_CACERT:
|
||||
return "peer certificate cannot be authenticated with known CA certificates";
|
||||
|
||||
case CURLE_SSL_CACERT_BADFILE:
|
||||
return "problem with the SSL CA cert (path? access rights?)";
|
||||
|
||||
case CURLE_BAD_CONTENT_ENCODING:
|
||||
|
@ -28,6 +28,6 @@ https://%HOSTIP:%HTTPSPORT/want/305 --cacert moooo
|
||||
<protocol>
|
||||
</protocol>
|
||||
<errorcode>
|
||||
60
|
||||
77
|
||||
</errorcode>
|
||||
</verify>
|
||||
|
Loading…
Reference in New Issue
Block a user