1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00

cyassl.c: return the correct error code on no CA cert

CyaSSL 3.0.0 returns a unique error code if no CA cert is available,
so translate that into CURLE_SSL_CACERT_BADFILE when peer verification
is requested.
This commit is contained in:
Dan Fandrich 2014-07-23 00:43:47 +02:00
parent cc52d776dd
commit 713f96ee0c

View File

@ -144,7 +144,7 @@ cyassl_connect_step1(struct connectdata *conn,
data->set.str[STRING_SSL_CAFILE],
data->set.str[STRING_SSL_CAPATH])) {
if(data->set.ssl.verifypeer) {
/* Fail if we insiste on successfully verifying the server. */
/* Fail if we insist on successfully verifying the server. */
failf(data,"error setting certificate verify locations:\n"
" CAfile: %s\n CApath: %s",
data->set.str[STRING_SSL_CAFILE]?
@ -154,7 +154,7 @@ cyassl_connect_step1(struct connectdata *conn,
return CURLE_SSL_CACERT_BADFILE;
}
else {
/* Just continue with a warning if no strict certificate
/* Just continue with a warning if no strict certificate
verification is required. */
infof(data, "error setting certificate verify locations,"
" continuing anyway:\n");
@ -299,6 +299,18 @@ cyassl_connect_step2(struct connectdata *conn,
}
#endif
}
else if(ASN_NO_SIGNER_E == detail) {
if(data->set.ssl.verifypeer) {
failf(data, "\tCA signer not available for verification\n");
return CURLE_SSL_CACERT_BADFILE;
}
else {
/* Just continue with a warning if no strict certificate
verification is required. */
infof(data, "CA signer not available for verification, "
"continuing anyway\n");
}
}
else {
failf(data, "SSL_connect failed with error %d: %s", detail,
ERR_error_string(detail, error_buffer));