mirror of
https://github.com/moparisthebest/curl
synced 2024-08-13 17:03:50 -04:00
openssl: consider ALERT_CERTIFICATE_EXPIRED a failed verification
If the error reason from the lib is SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED, libcurl will return CURLE_PEER_FAILED_VERIFICATION and not CURLE_SSL_CONNECT_ERROR. This unifies the libcurl return code and makes libressl run test 313 (CRL testing) fine. Closes #5934
This commit is contained in:
parent
d63b3908da
commit
6d946ad9fe
@ -3285,7 +3285,8 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
|
|||||||
reason = ERR_GET_REASON(errdetail);
|
reason = ERR_GET_REASON(errdetail);
|
||||||
|
|
||||||
if((lib == ERR_LIB_SSL) &&
|
if((lib == ERR_LIB_SSL) &&
|
||||||
(reason == SSL_R_CERTIFICATE_VERIFY_FAILED)) {
|
((reason == SSL_R_CERTIFICATE_VERIFY_FAILED) ||
|
||||||
|
(reason == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED))) {
|
||||||
result = CURLE_PEER_FAILED_VERIFICATION;
|
result = CURLE_PEER_FAILED_VERIFICATION;
|
||||||
|
|
||||||
lerr = SSL_get_verify_result(backend->handle);
|
lerr = SSL_get_verify_result(backend->handle);
|
||||||
|
Loading…
Reference in New Issue
Block a user