From 74467f8e7837f8a58ce08725efc391b189f37466 Mon Sep 17 00:00:00 2001 From: Nick Zitzmann Date: Mon, 1 Apr 2013 18:24:32 -0600 Subject: [PATCH] darwinssl: additional descriptive messages of SSL handshake errors (This doesn't need to appear in the release notes.) --- lib/curl_darwinssl.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/lib/curl_darwinssl.c b/lib/curl_darwinssl.c index 5340c6142..4b3149db4 100644 --- a/lib/curl_darwinssl.c +++ b/lib/curl_darwinssl.c @@ -995,6 +995,10 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex) failf(data, "SSL certificate problem: Certificate chain had an " "expired certificate"); return CURLE_SSL_CACERT; + case errSSLBadCert: + failf(data, "SSL certificate problem: Couldn't understand the server " + "certificate format"); + return CURLE_SSL_CONNECT_ERROR; /* This error is raised if the server's cert didn't match the server's host name: */ @@ -1010,10 +1014,18 @@ darwinssl_connect_step2(struct connectdata *conn, int sockindex) case errSSLClosedAbort: failf(data, "Server aborted the SSL handshake"); return CURLE_SSL_CONNECT_ERROR; - case paramErr: /* if you're getting this, it could be a cipher problem */ + case errSSLNegotiation: + failf(data, "Could not negotiate an SSL cipher suite with the server"); + return CURLE_SSL_CONNECT_ERROR; + /* Sometimes paramErr happens with buggy ciphers: */ + case paramErr: case errSSLInternal: failf(data, "Internal SSL engine error encountered during the " "SSL handshake"); return CURLE_SSL_CONNECT_ERROR; + case errSSLFatalAlert: + failf(data, "Fatal SSL engine error encountered during the SSL " + "handshake"); + return CURLE_SSL_CONNECT_ERROR; default: failf(data, "Unknown SSL protocol error in connection to %s:%d", conn->host.name, err);