mirror of
https://github.com/moparisthebest/curl
synced 2024-08-13 17:03:50 -04:00
openssl: consider ALERT_CERTIFICATE_EXPIRED a failed verification
If the error reason from the lib is SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED, libcurl will return CURLE_PEER_FAILED_VERIFICATION and not CURLE_SSL_CONNECT_ERROR. This unifies the libcurl return code and makes libressl run test 313 (CRL testing) fine. Closes #5934
This commit is contained in:
parent
d63b3908da
commit
6d946ad9fe
@ -3285,7 +3285,8 @@ static CURLcode ossl_connect_step2(struct connectdata *conn, int sockindex)
|
||||
reason = ERR_GET_REASON(errdetail);
|
||||
|
||||
if((lib == ERR_LIB_SSL) &&
|
||||
(reason == SSL_R_CERTIFICATE_VERIFY_FAILED)) {
|
||||
((reason == SSL_R_CERTIFICATE_VERIFY_FAILED) ||
|
||||
(reason == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED))) {
|
||||
result = CURLE_PEER_FAILED_VERIFICATION;
|
||||
|
||||
lerr = SSL_get_verify_result(backend->handle);
|
||||
|
Loading…
Reference in New Issue
Block a user