mirror of
https://github.com/moparisthebest/curl
synced 2024-12-22 08:08:50 -05:00
cyassl.c: return the correct error code on no CA cert
CyaSSL 3.0.0 returns a unique error code if no CA cert is available, so translate that into CURLE_SSL_CACERT_BADFILE when peer verification is requested.
This commit is contained in:
parent
cc52d776dd
commit
713f96ee0c
@ -144,7 +144,7 @@ cyassl_connect_step1(struct connectdata *conn,
|
||||
data->set.str[STRING_SSL_CAFILE],
|
||||
data->set.str[STRING_SSL_CAPATH])) {
|
||||
if(data->set.ssl.verifypeer) {
|
||||
/* Fail if we insiste on successfully verifying the server. */
|
||||
/* Fail if we insist on successfully verifying the server. */
|
||||
failf(data,"error setting certificate verify locations:\n"
|
||||
" CAfile: %s\n CApath: %s",
|
||||
data->set.str[STRING_SSL_CAFILE]?
|
||||
@ -299,6 +299,18 @@ cyassl_connect_step2(struct connectdata *conn,
|
||||
}
|
||||
#endif
|
||||
}
|
||||
else if(ASN_NO_SIGNER_E == detail) {
|
||||
if(data->set.ssl.verifypeer) {
|
||||
failf(data, "\tCA signer not available for verification\n");
|
||||
return CURLE_SSL_CACERT_BADFILE;
|
||||
}
|
||||
else {
|
||||
/* Just continue with a warning if no strict certificate
|
||||
verification is required. */
|
||||
infof(data, "CA signer not available for verification, "
|
||||
"continuing anyway\n");
|
||||
}
|
||||
}
|
||||
else {
|
||||
failf(data, "SSL_connect failed with error %d: %s", detail,
|
||||
ERR_error_string(detail, error_buffer));
|
||||
|
Loading…
Reference in New Issue
Block a user